This article will be of interest to the following people:
1. You have a Domino SMTP MTA which is pre-release 6 (or Release 6 but you haven’t configured it properly!)
2. You do not use a mail relay which checks the addresses for validity before accepting the messages
Again as per the last post this problem is several years old but I still see it in enterprise environments today.
What is the problem?
Well what should happen if I am an email server I have an email for companyb.com. I contact companyb.com and tell their gateway in a handshake who I have messages for. They reply with one message for any addresses that are invalid. All handled at a protocol level without the message even entering companyb.com’s domain.
So how did/does Domino work by default. Well it accepts the message and then does an address lookup generating a non delivery report for each incorrect address.
Well lets say I spoofed the sender address to be email@example.com. Company C use Domino but don’t run the proper name resolution at SMTP protocol levels. I then send a message from firstname.lastname@example.org with a 10 MB attachment. I send if to email@example.com to firstname.lastname@example.org. I do this 100 times because managing director has just sacked me and I’m upset.
What will happen…..well Domino will try and generate 100,000 emails with a 10MB attachment and try and send them internally to email@example.com because it thinks he has sent 100,000 incorrectly addressed messages.