Sendmail shipped with IBM AIX is configured by default as an open mail relay. Unauthenticated, remote users can route mail through such a system.
Sendmail is a widely used mail transfer agent (MTA) that is included with IBM AIX. According to IBM:
The default configuration files for sendmail enable three sendmail options which allow arbitrary users to route email via sendmail. The options are "promiscuous_relay", "accept_unresolvable_domains" and "accept_unqualified_senders".
Any remote user can route mail through sendmail on a vulnerable IBM AIX system. This configuration is called an "open relay" and such systems are frequently abused to deliver unsolicited commercial email (UCE) or SPAM.
Modify sendmail Configuration
Block or Restrict Access
This vulnerability was reported by Tom Perrine of the San Diego Supercomputer Center.
This document was written by Art A Manion.
|Date First Published:||2003-06-17|
|Date Last Updated:||2003-06-17 22:43 UTC|