Facebook
Twitter
TITLE:
Security bug: SpamAssassin Mail Handler bypass
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:Plesk Onyx 17.8.11 (any tested version really)
CentOS Linux release 7.5.1804 (Core)
x86_64
PROBLEM DESCRIPTION:CentOS Linux release 7.5.1804 (Core)
x86_64
Anyone can send a mail bypassing spam filter if he don´t defines a mail FROM: (<>) in SMTP connection.
STEPS TO REPRODUCE:# telnet RemotePleskServer 25
ehlo localhost
mail FROM:<>
rcpt TO: <[email protected]>
data
from: [email protected]
Subject: Hi Plesk developer
You are fired!
.
quit
ACTUAL RESULT:ehlo localhost
mail FROM:<>
rcpt TO: <[email protected]>
data
from: [email protected]
Subject: Hi Plesk developer
You are fired!
.
quit
Logs:
spamassassin[20535]: cannot get sender domain
spamassassin[20535]: Unable to intialize spamassassin mail handler
postfix-local[20534]: Error during 'spam' handler
Spam mail headers:
[-]
EXPECTED RESULT:spamassassin[20535]: cannot get sender domain
spamassassin[20535]: Unable to intialize spamassassin mail handler
postfix-local[20534]: Error during 'spam' handler
Spam mail headers:
[-]
logs:
spamassassin[28956]: Starting the spamassassin filter...
spamd[4891]: spamd: connection from localhost [::1]:58576 to port 783, fd 6
spamd[4891]: spamd: using default config for [email protected]: /var/qmail/mailnames/domain.com/user/.spamassassin/user_prefs
spamd[4891]: spamd: processing message (unknown) for [email protected]:30
spamd[4891]: spamd: clean message (6.6/7.0) for [email protected]:30 in 0.3 seconds, 717 bytes.
spamd[4891]: spamd: result: . 6 - FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,MISSING_DATE,MISSING_HEADERS,MISSING_MID scantime=0.3,size=717,[email protected],uid=30,required_score=7.0,rhost=localhost,raddr=::1,rport=58576,mid=(unknown),autolearn=no autolearn_force=no
Spam mail headers:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on XXXX.XXXXXX.com
X-Spam-Level: ******
X-Spam-Status: No, score=6.6 required=7.0 tests=FSL_HELO_NON_FQDN_1,
HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,MISSING_DATE,MISSING_HEADERS,
MISSING_MID autolearn=no autolearn_force=no version=3.4.0
ANY ADDITIONAL INFORMATION:spamassassin[28956]: Starting the spamassassin filter...
spamd[4891]: spamd: connection from localhost [::1]:58576 to port 783, fd 6
spamd[4891]: spamd: using default config for [email protected]: /var/qmail/mailnames/domain.com/user/.spamassassin/user_prefs
spamd[4891]: spamd: processing message (unknown) for [email protected]:30
spamd[4891]: spamd: clean message (6.6/7.0) for [email protected]:30 in 0.3 seconds, 717 bytes.
spamd[4891]: spamd: result: . 6 - FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,MISSING_DATE,MISSING_HEADERS,MISSING_MID scantime=0.3,size=717,[email protected],uid=30,required_score=7.0,rhost=localhost,raddr=::1,rport=58576,mid=(unknown),autolearn=no autolearn_force=no
Spam mail headers:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on XXXX.XXXXXX.com
X-Spam-Level: ******
X-Spam-Status: No, score=6.6 required=7.0 tests=FSL_HELO_NON_FQDN_1,
HEADER_FROM_DIFFERENT_DOMAINS,HELO_LOCALHOST,MISSING_DATE,MISSING_HEADERS,
MISSING_MID autolearn=no autolearn_force=no version=3.4.0
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:Confirm bug
Last edited:
