On 17 Apr 00, at 22:32, Mark Tippetts wrote:

> Sendmail is NOT the problem.  Its presence is creating conditions
> where the problem manifests, but it's not to blame.  It's simply
> accepting a message from a host it trusts. 

Why does it trust that host?

> The problem is qmail
> relaying this message from an untrusted host.

It will always do so. (Think about that: qmail gets a message for your
domain. It's quite likely to come from an untrusted host. qmail has no
idea that ! or % signs have special meanings for sendmail - they
have NO special meaning for qmail. Therefore qmail duly passes
the message along.)

>  Even if I did turn off
> UUCP rewriting for sendmail, the underlying problem remains: qmail is
> acting as an open relay for messages with no @domain specified.

No, it does not. It thinks sendmail will deliver them locally. 
Anything wrong with that?

> The problem can be redefined as, "qmail appends envnoathost to ANY
> rcpt address without a domain".  This works too:
> $ telnet mx0.lynxus.com 25
> Trying
> Connected to mx0.lynxus.com.
> Escape character is '^]'.
> 220 mx0.lynxus.com ESMTP
> helo
> 250 mx0.lynxus.com
> mail from:[EMAIL PROTECTED]
> 250 ok
> rcpt to:<bishop%lynxus.net>
> 250 ok
> data
> 354 go ahead
> test
> .
> 250 ok 956024397 qp 28670
> quit
> 221 mx0.lynxus.com
> Connection closed by foreign host.
> $ 
> This gets delivered despite the fact I have not enabled percenthack,
> because it's actually relayed to [EMAIL PROTECTED], and the
> server for lynxus.com does percenthack processing.

Why does it do the percenthack processing then? It's not a vital part
of SMTP, you know, it's more or less a sendmailism.

> BTW, since I wrote my original message, my assistant pointed out a
> spot on the ORBS web site where it describes this exact problem as a
> bug.  So now I have to rephrase my question:  Is there an effective
> work-around for this, that will prevent qmail from automatically
> rewriting rcpt addresses without a domain?

You want to fix your sendmail, trust me. qmail won't add the local 
hostname. So what? Someone else will post to 
[EMAIL PROTECTED] and your sendmail will relay the 
mail anyway.

If you can't fix your sendmail, patch qmail-smtpd to refuse mails 
with addresses containing "!" or "%". But you're putting the horse 
behind the cart.


Petr Novotny, ANTEK CS
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]
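
The refusal check suggested in the message above, sketched as an added example; it is not part of the original message and is not qmail-smtpd's code. The enum and function names are hypothetical, and the check goes slightly beyond the two characters named by also flagging a leading-@ source route and addresses with no domain.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical verdict names; not taken from qmail. */
enum rcpt_verdict { RCPT_OK, RCPT_NO_DOMAIN, RCPT_ROUTED, RCPT_MALFORMED };

/* Classify a RCPT TO argument, with or without angle brackets.
 * RCPT_ROUTED: '!' or '%' anywhere, or a leading '@' (RFC 821 source route);
 *   a sendmail behind the gateway may read these as relay instructions.
 * RCPT_NO_DOMAIN: no '@', so the gateway would append its default host. */
enum rcpt_verdict classify_rcpt(const char *arg)
{
    const char *p = strchr(arg, '<'), *end, *at = NULL;
    int ats = 0;
    if (p) {
        end = strchr(++p, '>');
        if (!end) return RCPT_MALFORMED;   /* unterminated "<..." */
    } else {
        p = arg;
        end = arg + strlen(arg);
    }
    if (p == end) return RCPT_MALFORMED;   /* empty address */
    if (*p == '@') return RCPT_ROUTED;     /* @hop1,@hop2:user@host */
    for (const char *c = p; c < end; c++) {
        if (*c == '!' || *c == '%') return RCPT_ROUTED;
        if (*c == '@') { at = c; ats++; }
    }
    if (ats == 0) return RCPT_NO_DOMAIN;
    if (ats > 1 || at + 1 == end) return RCPT_MALFORMED;
    return RCPT_OK;
}

/* Refuse routed and malformed forms; allow_bare lets the caller decide
 * whether a bare local part is acceptable on this gateway. */
int rcpt_refuse(const char *arg, int allow_bare)
{
    enum rcpt_verdict v = classify_rcpt(arg);
    if (v == RCPT_NO_DOMAIN) return !allow_bare;
    return v != RCPT_OK;
}

int main(void)
{
    /* Constructed samples; the second is the address used in the thread. */
    const char *s[] = { "<user@example.com>", "<bishop%lynxus.net>", "<bishop>" };
    for (int i = 0; i < 3; i++)
        printf("%-22s refuse=%d\n", s[i], rcpt_refuse(s[i], 1));
    return 0;
}
```

A quoted local part may legitimately contain "!" or "%"; this check refuses those too, which is the conservative choice for a gateway in front of a sendmail that rewrites such addresses.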
