COMMAND
Lotus Domino
SYSTEMS AFFECTED
Lotus Domino 4.x, 5.x
PROBLEM
Ian Gulliver found following. Some oddly formed mail envelopes
can cause Lotus Domino to enter a mail routing loop and consume
100% CPU.
When a message is sent to a Lotus Domino server with an envelope
similar to:
MAIL FROM:<bounce@[127.0.0.1]>
RCPT TO:<address@domain.com>
where domain.com is not local to the server in question, the
server attempts to bounce the message, and the bounce goes into a
loop, constantly being sent back to the same server.
This has been confirmed on Lotus Domino R4.63, R5.01, R5.05 and
R5.08
SOLUTION
Shut down the mail server, delete the offending message from
queue and restart the server. This won't stop the exact same
thing from happening again.
There is "Solution v1.0pl1" for this. Open Domino Administrator
and connect to your Domino server. Click on the "Configuration"
tab, then on the left pane expand "Messaging" submenu, select
"Configurations". On the right pane select your server to open
it's configuration panel.
Now, you'll be presented with new window named "Configuration for
server/DOMAIN". There's a row of tabs on the top; select
"Router/SMTP". You'll be presented with more tabs. Select
"Restrictions and Controls" tab to get even more tabs.
What you need is "SMTP Inbound Controls". There's a field under
the section "Inbound Sender Controls" named "Deny messages from
the following internet address/domains". Put the IP in that
address, enclosed in brackets - [127.0.0.1]. Note that you can
put more than one IP address there (i.e. your localhost and your
real IP), but each must be enclosed in it's own brackets.
Note: this workaround is tested just for the reported
vulnerability. This shouldn't break anything, but be careful
implementing this if your Domino server is not the main/only mail
service at your location. If you encounter problem, you can fix
it easily by removing the value from the field, but in any case
Microsoft-like EULA is applied to this message.