Re: How to patch?

Fri, 30 May 2003 12:04:41 -0700

Claudio Jeker wrote:
On Tue, May 27, 2003 at 02:02:39AM +0800, Joe Wong wrote:

Hi,all
When I patch qmail with below *.patch,I get a lot of wrong message.What should I do to 
patch qmail correctly step by step? Thanks!

qmail-ldap-1.03-20030501.patch
qmailqueue-patch
qmail-103.patch (patch for dns.c)
qmail-ldap-control_20020524.patch
smtp-auth-20030301.patch
big-concurrency.patch
qmail-0.0.0.0.patch



Some of the patches are already integrated in qmail-ldap patch.
qmail-103.patch, big-concurrency.patch and qmail-0.0.0.0.patch are
included. qmailqueue-patch should apply without a problem.
qmail-ldap-control_20020524.patch and smtp-auth-20030301.patch
may need some handwork.



OK, when we're on the subject of patches...

I have a big problem at the moment with a couple of qmail servers I'm
responsible for:
when I receive a message from system bad.system.com, where envelope
sender and/or From: field are from [EMAIL PROTECTED], directed to
another [EMAIL PROTECTED], my.good.system.com receives the
message, even if bad.system.com made the connection.

Now, I did put up a correct control/rcpthosts only for
my.good.system.com, and in /etc/tcp.smtp.cdb I have allowed connectin
for anybody, and relaying only for clients from IP's of my.good.system.com.

Or, to give an explanation:

from bad.system.com:
                I send:         telnet my.good.system.com smtp
                I receive:      220 my.good.system.com ESMTP
                I send:         HELO localhost
                I receive:      250 HELO my.good.system.com
                I send:         mail from: [EMAIL PROTECTED]
                I receive:      250 OK <----- BAD
                I send:         rcpt to: [EMAIL PROTECTED]
                I receive:      250 OK <---- OK, my recipient
                I send:         data
                I receive:      354 GO AHEAD <---- BAD

As you can see, I can send a message pretending that I am from
my.good.system.com to a user at my.good.system.com, even though I am
coming from bad.system.com....

So, how can a man plug this hole? I don't see anything of that kind
mentioned in any instructions for qmail, only basic thing with rcpthosts
(which is valid for the above scenario) and tcp.smtp.cdb (which is also
OK)...

I suspect that there is some patch for this, but don't know which one,
that can also be applied to qmail with the LDAP patch.

HELP!

Andrea

--
This should be a TAG, but...

Reply via email to