sendmail localhost rDNS

2009-08-10 Thread Thomas Liske
Hi, last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a small test shows that sendmail on etch seems to be vulnerable, too. I need to have a localhost RELAY line in my access file (which is not

Re: sendmail localhost rDNS

2009-08-10 Thread Lupe Christoph
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a small test shows that sendmail on etch seems to be vulnerable, too. I need to have

Re: sendmail localhost rDNS

2009-08-10 Thread Thomas Liske
Re, #Lupe Christoph wrote: On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a small test shows that sendmail on etch seems to be

Re: sendmail localhost rDNS

2009-08-10 Thread Lupe Christoph
On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote: #Lupe Christoph wrote: On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a

Re: sendmail localhost rDNS

2009-08-10 Thread Jan de Groot
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote: if an access line like: Connect:localhost RELAY turns an MTA into an Open Relay then I would prefer a DSA, since the ACL implementation is broken IMHO. As long as reverse DNS can be faked, I would never use hostnames

Re: sendmail localhost rDNS

2009-08-10 Thread Thomas Liske
Re, Jan de Groot wrote: On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote: if an access line like: Connect:localhost RELAY turns an MTA into an Open Relay then I would prefer a DSA, since the ACL implementation is broken IMHO. As long as reverse DNS can be faked, I would

Re: sendmail localhost rDNS

2009-08-10 Thread Bernhard R. Link
* Jan de Groot j...@jgc.homeip.net [090810 14:22]: On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote: if an access line like: Connect:localhost RELAY turns an MTA into an Open Relay then I would prefer a DSA, since the ACL implementation is broken IMHO. As long

RE: [SECURITY] [DSA 1854-1] New APR packages fix arbitrary code execution

2009-08-10 Thread Henson, Shawn Ms CTR USA MEDCOM JMLFDC
I guess I will run apt-get upgrade everywhere it's available on drepo as of this morning. Shawn Henson CTR-EDS, an HP Company DMLSS/JMLFDC/IST 1681 Nelson St, Ft Detrick, MD 21702 DSN 343-9712, COM 301-619-9712, FAX 301-619-7831 -Original Message- From: Florian Weimer

Re: sendmail localhost rDNS

2009-08-10 Thread Bernhard R. Link
* Lupe Christoph l...@lupe-christoph.de [090810 13:53]: On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a small test shows that

Re: sendmail localhost rDNS

2009-08-10 Thread Lupe Christoph
On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote: * Lupe Christoph l...@lupe-christoph.de [090810 13:53]: On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a

Re: [Secure-testing-commits] r12552 - data/CVE

2009-08-10 Thread Michael S. Gilbert
On Mon, 10 Aug 2009 20:24:10 +0200, Nico Golde wrote: Hi, * Michael S. Gilbert michael.s.gilb...@gmail.com [2009-08-10 20:18]: On Mon, 10 Aug 2009 18:09:16 +, Nico Golde wrote: [...] -CVE-2009-2414 +CVE-2009-2414 [libxml2 stack recursion] RESERVED + - libxml2 unfixed