SERVER-MAIL -- Snort has detected traffic exploiting vulnerabilities in mail servers (such as Exchange, Courrier). These are different from protocol traffic, as this deals with the traffic going to the mail server itself.
SERVER-MAIL Postfix IPv6 Relaying Security Issue
This event is generated when an attempt to exploit CVE-2005-0337 is detected.
There is a vulnerability in the way Postfix handles the relaying of e-mail messages. In certain configurations, the vulnerable Postfix becomes an open relay for mail addressed to MX host with IPv6 addresses. An attacker can exploit this flaw to deliver bulk arbitrary mail, using 3rd party resources, to an e-mail gateway with IPv6 addresses registered.
A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6 addresses. The target will relay mail from an untrusted SMTP client. The vulnerable system may be used to send unsolicited e-mail such as spam.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2005-0337Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
||Ease of Access||LOW