[plug] off topic - locating email address

John Summerfield summer at os2.ami.com.au
Fri Sep 18 21:57:51 WST 1998

On Thu, 17 Sep 1998, David Campbell wrote:

> *snip*
> > Not so.
> > If you use the command
> > nslookup -type=mx ami.com.au
> > 
> > you will find that a machine at omen.com.au is listed as a mail exchanger.
> > However, you can't address email intended for me to their machine.
> *timeout*
> A MX record means that the machine will accept email on the behalf of the target
> destination. You should also see a "priority number" (lower is prefered), basically
> omen.com.au will be asked to spool email should none of the MX record machines
> with a lower number are available.
> Perhaps most people don't know about the forwarding email through a third party.
> Perhaps this is what Lindsay is trying to avoid. Basically it works like this:
> an email to => user%host1.domain1%host2.domain2 at host3.domain3
> will be received by host3.domain3 which will drop everything to the right of 
> (and including) the"@". It will notice the "%" in the user name. The default
> action is to convert the right most "%" to "@" and then process it.
> Hence the email is addressed to user%host1.domain1 at host2.domain2
> and is promptly sent to host2.domain2.
> host2.domain2 does the same thing (drop the "@###" and convert right most
> "%") so the email is now addressed to user at host1.domain1.
> If you don't believe this actually occurs, check the email headers of this
> message.

The problem Lindsay had is that earlier sendmails (prior to about 8.8)
would relay for anyone. I could configure my mail software to forward all
my outgoing mail by some arbitrary host: compuserve and iiNet are two
victims of this misuse I know about.

The "benefit" to spammers is that they can use this technique to send mail
to people who've blocked the originating site.

I've heard a report from iiNet that spammers are using their dialup
costomers to relay their mail.

Another problem, not fixed until sendmail 8.9, is that in the greeting
message, if the sending software says something like
helo ihaveanextraordinaril6ylongdomainnamethatexceeds1k(orwasitfourk?)
sendmail's buffer would overflow and it simply doesn't report the sending
host's real name.

The "percent hack" can be configured out: its original uses include explicit
routing of mail through firewalls. I think a related problem exists that
allows this kind of routing: mail addressed to
summer at webpages@os2.ami.com.au will go to os2.ami.com which will then try
to find a host called webpages.

At least, it used to: I sometimes got copies of bounce messages caused by
people trying to spam me. It's not happened recently:  possibly sendmail
8.9.1 fixes that too.


John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.

More information about the plug mailing list