Short Name |
APP:POSTFIX-IPV6-RELAYING-ISSUE |
---|---|
Severity |
Major |
Recommended |
No |
Category |
APP |
Keywords |
Postfix IPv6 Relaying Security Issue |
Release Date |
2015/06/12 |
Update Number |
2504 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
There is a vulnerability in the way Postfix handles the relaying of e-mail messages. In certain configurations, the vulnerable Postfix becomes an open relay for mail addressed to MX host with IPv6 addresses. An attacker can exploit this flaw to deliver bulk arbitrary mail, using 3rd party resources, to an e-mail gateway with IPv6 addresses registered. A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6 addresses. The target will relay mail from an untrusted SMTP client. The vulnerable system may be used to send unsolicited e-mail such as spam.
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.