Package: sendmail Version: 8.13.4-3 Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
sendmail uses a default MaxHopCount of only 25, which is clearly too low in todays email world with stacked virus scanners, spam filters and multiple internal gateways. RFC 2821 doesn't give an absolute limit, but has a clear recommendation: <quote> 6.2 Loop Detection Simple counting of the number of "Received:" headers in a message has proven to be an effective, although rarely optimal, method of detecting loops in mail systems. SMTP servers using this technique SHOULD use a large rejection threshold, normally at least 100 Received entries. Whatever mechanisms are used, servers MUST contain provisions for detecting and stopping trivial loops. </quote> I believe the Debian sendmail package should set a default that complies with this recommendation, either by changing the default at compile time or at least by providing an example sendmail.mc with define(`confMAX_HOP', `100') - -- Package-specific info: Ouput of /usr/share/bug/sendmail/script: ls -alR /etc/mail: /etc/mail: total 392 drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 . drwxr-xr-x 132 root root 8192 2005-09-19 12:13 .. - -rw-r--r-- 1 root root 1055 2005-09-21 16:06 access - -rw-r----- 1 smmta smmsp 12288 2005-09-21 16:06 access.db - -rw-r--r-- 1 root root 281 2004-09-21 20:51 address.resolve - -rw-r--r-- 1 root root 1476 2005-07-18 10:37 aliases - -rw-r--r-- 1 smmta smmsp 12288 2005-07-18 10:55 aliases.db drwxr-xr-x 2 root smmsp 4096 2005-09-08 13:18 CVS - -rw-r--r-- 1 root smmsp 3590 2005-09-06 15:23 databases - -rw-r----- 1 smmta smmsp 31 2001-04-30 00:16 default-auth-info - -r--r--r-- 1 daemon daemon 5588 2004-12-16 02:34 helpfile - -rw-r--r-- 1 root root 163 2005-01-20 18:38 local-host-names - -rw-r--r-- 1 root root 1706 2003-09-16 09:05 local_virtusertable drwxr-sr-x 2 smmta smmsp 4096 2005-09-18 03:31 m4 - -rw-r--r-- 1 root smmsp 96 2003-04-07 19:23 mailertable - -rw-r----- 1 root smmsp 12288 2005-06-05 22:40 mailertable.db - -rwxr-xr-- 1 root smmsp 11777 2005-09-06 15:23 Makefile drwxr-sr-x 2 root smmsp 4096 2005-09-06 15:18 OLD drwxr-xr-x 2 root root 4096 2005-06-05 22:40 peers - -rw-r--r-- 1 root root 72 2003-04-07 19:23 relay-domains drwxr-xr-x 2 smmta smmsp 4096 2004-10-13 10:05 sasl - -rw-r--r-- 1 root smmsp 59780 2005-09-06 15:23 sendmail.cf - -rw-r--r-- 1 root root 59778 2005-06-05 22:40 sendmail.cf.old - -rw-r--r-- 1 root root 11867 2005-06-05 22:40 sendmail.conf - -rw-r--r-- 1 root smmsp 1096 2005-05-12 17:54 sendmail.mc - -rw-r--r-- 1 root root 149 2001-01-15 18:49 service.switch - -rw-r--r-- 1 root root 180 2001-01-15 18:49 service.switch-nodns drwxr-sr-x 2 smmta smmsp 4096 2004-10-11 14:38 smrsh lrwxrwxrwx 1 root root 15 2005-07-02 03:30 spamassassin -> ../spamassassin - -rw-r--r-- 1 root smmsp 41799 2005-06-05 22:40 submit.cf - -rw-r--r-- 1 root root 41780 2005-06-05 22:40 submit.cf.old - -rw-r--r-- 1 root smmsp 580 2005-06-05 22:40 submit.mc drwxr-xr-x 2 smmta smmsp 4096 2005-01-11 16:00 tls - -rw-r--r-- 1 root root 71 2003-04-07 19:23 trusted-users - -rw-r--r-- 1 root smmsp 117 2005-01-20 18:38 virtusertable - -rw-r----- 1 root smmsp 12288 2005-06-05 22:40 virtusertable.db /etc/mail/CVS: total 20 drwxr-xr-x 2 root smmsp 4096 2005-09-08 13:18 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. - -rw-r--r-- 1 root root 402 2005-09-08 13:18 Entries - -rw-r--r-- 1 root smmsp 17 2003-04-02 11:18 Repository - -rw-r--r-- 1 root smmsp 19 2003-04-02 11:18 Root /etc/mail/m4: total 12 drwxr-sr-x 2 smmta smmsp 4096 2005-09-18 03:31 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. - -rw-r--r-- 1 root root 789 2004-11-07 17:32 clamav-milter.m4 - -rw-r----- 1 root smmsp 0 2002-10-23 02:21 dialup.m4 - -rw-r----- 1 root smmsp 0 2002-10-23 02:21 provider.m4 /etc/mail/OLD: total 12 drwxr-sr-x 2 root smmsp 4096 2005-09-06 15:18 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. - -rw-r--r-- 1 root root 683 2001-03-27 23:27 sasl.mc /etc/mail/peers: total 12 drwxr-xr-x 2 root root 4096 2005-06-05 22:40 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. - -rw-r--r-- 1 root root 328 2001-07-18 00:11 provider /etc/mail/sasl: total 20 drwxr-xr-x 2 smmta smmsp 4096 2004-10-13 10:05 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. - -rwxr--r-- 1 root root 3655 2005-09-06 15:22 sasl.m4 - -rw-r----- 1 smmta smmsp 748 2004-10-13 10:10 Sendmail.conf.2 - -rw-r----- 1 smmta smmsp 610 2003-03-04 14:49 Sendmail.conf.2.OLD /etc/mail/smrsh: total 8 drwxr-sr-x 2 smmta smmsp 4096 2004-10-11 14:38 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. lrwxrwxrwx 1 root root 26 2003-04-24 18:56 mail.local -> /usr/lib/sm.bin/mail.local lrwxrwxrwx 1 root root 17 2003-04-24 18:56 procmail -> /usr/bin/procmail lrwxrwxrwx 1 root root 17 2003-04-24 18:56 vacation -> /usr/bin/vacation /etc/mail/tls: total 20 drwxr-xr-x 2 smmta smmsp 4096 2005-01-11 16:00 . drwxr-sr-x 9 smmta smmsp 4096 2005-09-21 16:06 .. - -rw-r--r-- 1 root root 7 2003-03-04 14:32 no_prompt lrwxrwxrwx 1 root smmsp 37 2003-05-01 00:01 sendmail-client.crt -> /etc/ssl/CA/certs/canardo.mork.no.crt lrwxrwxrwx 1 root smmsp 37 2003-05-01 00:01 sendmail-common.key -> /etc/ssl/CA/certs/canardo.mork.no.crt lrwxrwxrwx 1 root smmsp 37 2003-05-01 00:01 sendmail-server.crt -> /etc/ssl/CA/certs/canardo.mork.no.crt - -rwxr--r-- 1 root root 3155 2005-06-05 22:40 starttls.m4 - -rw-r--r-- 1 smmta smmsp 2109 2003-03-03 23:36 starttls.m4.OLD sendmail.conf: DAEMON_NETMODE="Static"; DAEMON_NETIF="lo"; DAEMON_MODE="Daemon"; DAEMON_PARMS=""; DAEMON_HOSTSTATS="Yes"; DAEMON_MAILSTATS="Yes"; QUEUE_MODE="${DAEMON_MODE}"; QUEUE_INTERVAL="15"; QUEUE_PARMS=""; MSP_MODE="Cron"; MSP_INTERVAL="180"; MSP_PARMS=""; MSP_MAILSTATS="Yes"; MISC_PARMS=""; CRON_MAILTO="root"; CRON_PARMS=""; LOG_CMDS="No"; HANDS_OFF="No"; AGE_DATA=""; DAEMON_RUNASUSER="No"; DAEMON_STATS="${DAEMON_MAILSTATS}"; MSP_STATS="${MSP_MAILSTATS}"; sendmail.mc: define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl include(`/etc/mail/tls/starttls.m4')dnl include(`/etc/mail/sasl/sasl.m4')dnl include(`/etc/mail/m4/clamav-milter.m4')dnl VERSIONID(`$Id: sendmail.mc,v 1.19 2005/05/12 15:54:42 bjorn Exp $') OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')dnl undefine(`confCF_VERSION')dnl undefine(`confTLS_SRV_OPTIONS')dnl # remove V to make sendmail verify client certificates FEATURE(`nouucp', `nospecial')dnl FEATURE(`always_add_domain')dnl FEATURE(`relay_entire_domain')dnl FEATURE(`use_cw_file')dnl FEATURE(`use_ct_file')dnl FEATURE(`virtusertable')dnl FEATURE(`access_db')dnl FEATURE(`local_procmail')dnl FEATURE(`delay_checks')dnl FEATURE(`mailertable')dnl define(`RELAY_MAILER_ARGS',`TCP $h 1025')dnl define(`LOCAL_MAILER_FLAGS',`SPfhn8')dnl MAILER(local)dnl MAILER(smtp)dnl submit.mc... define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl VERSIONID(`$Id: submit.mc,v 1.5 2005/01/12 16:14:18 bjorn Exp $') OSTYPE(`debian')dnl DOMAIN(`debian-msp')dnl FEATURE(`msp', `[127.0.0.1]', `MSA')dnl define(`confCACERT_PATH', `/etc/ssl/certs')dnl define(`confCACERT', `/etc/ssl/certs/ca-certificates.crt')dnl define(`confCLIENT_CERT', `/etc/mail/tls/sendmail-client.crt')dnl define(`confCLIENT_KEY', `/etc/mail/tls/sendmail-common.key')dnl define(`confDONT_BLAME_SENDMAIL', defn(`confDONT_BLAME_SENDMAIL')`,GroupReadableKeyFile')dnl' - -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages sendmail depends on: ii rmail 8.13.4-3 MTA->UUCP remote mail handler ii sendmail-base 8.13.4-3 powerful, efficient, and scalable ii sendmail-bin 8.13.4-3 powerful, efficient, and scalable ii sendmail-cf 8.13.4-3 powerful, efficient, and scalable ii sensible-mda 8.13.4-3 Mail Delivery Agent wrapper Versions of packages sensible-mda depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii procmail 3.22-11 Versatile e-mail processor ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable Versions of packages rmail depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libldap2 2.1.30-8 OpenLDAP libraries ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable Versions of packages libmilter0 depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDMpbv10rqkowbIskRAhZPAJ9hii3tuYzZDdCGAhnoRswJm04xmgCfSDjD yFQVZ+0jcMo+EbVXkktY3QE= =AnqX -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]