On Tue, Aug 11, 2009 at 10:56:57AM +0200, Joerg Morbitzer wrote:
> I just did a fresh sendmail installation on Debian Etch getting this
> auto-generated new /etc/mail/access file:
>
> titan:~# grep "^Connect:.*RELAY" /etc/mail/access
> Connect:localhost RELAY
> Connect:127
If sendmail would do a double lookup verify on the reverse DNS records,
there would be no problem at all.
When some obscure IP address has reverse DNS pointer record "localhost"
and sendmail would do another lookup to see what IP address belongs to
"localhost", then it would not match (obscure IP
* Lupe Christoph [090811 10:56]:
> > So it is in my eyes no criterion at all that the user has to change some
> > configuration. The question is whether this change is supposed to cause
> > the effects it does and if a user can be expected to understand the
> > effects.
>
> Please go ahead and file
Lupe Christoph wrote:
> OK, I give up. And shut up.
>
> Please file a bug against the sendmail package, with the information
> that sendmail allows you to enter "Connect:localhost RELAY" in
> /etc/mail/access.
>
> And another one that "Connect:127.0.0.1 RELAY" opens up the same hole as
> "Connect
On Tuesday, 2009-08-11 at 10:32:04 +0200, Bernhard R. Link wrote:
> * Lupe Christoph [090810 21:13]:
> > > Almost all security holes need the user to do something. (If only to
> > > power up the machine, to install some packages, to connect to the
> > > internet, to give accounts to users). The que
OK, I give up. And shut up.
Please file a bug against the sendmail package, with the information
that sendmail allows you to enter "Connect:localhost RELAY" in
/etc/mail/access.
And another one that "Connect:127.0.0.1 RELAY" opens up the same hole as
"Connect:localhost RELAY".
Since I have no se
Re,
Lupe Christoph wrote:
> On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote:
> > * Lupe Christoph [090810 13:53]:
> > > On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
> > > > last week, there was an article on heise security about MTAs[1] which
> > > > relay mails for hosts having a rev
* Lupe Christoph [090810 21:13]:
> > Almost all security holes need the user to do something. (If only to
> > power up the machine, to install some packages, to connect to the
> > internet, to give accounts to users). The question cannot be that
> > something has to be done to make people vulnerabl
On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote:
> * Lupe Christoph [090810 13:53]:
> > On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
> > > last week, there was an article on heise security about MTAs[1] which
> > > relay mails for hosts having a reverse resolutio
* Lupe Christoph [090810 13:53]:
> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
>
> > last week, there was an article on heise security about MTAs[1] which
> > relay mails for hosts having a reverse resolution of 'localhost'. Doing
> > a small test shows that sendmail on etch
* Jan de Groot [090810 14:22]:
> On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
> > if an access line like:
> >
> > Connect:localhost RELAY
> >
> > turns a MTA into an Open Relay then I would prefer a DSA, since the
> > ACL
> > implementation is broken IMHO.
>
> As long as r
Re,
Jan de Groot wrote:
> On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
> > if an access line like:
> >
> > Connect:localhost RELAY
> >
> > turns a MTA into an Open Relay then I would prefer a DSA, since the
> > ACL
> > implementation is broken IMHO.
>
> As long as reverse DNS can be faked, I would
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
> if an access line like:
>
> Connect:localhost RELAY
>
> turns a MTA into an Open Relay then I would prefer a DSA, since the
> ACL
> implementation is broken IMHO.
As long as reverse DNS can be faked, I would never use hostn
On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote:
> #Lupe Christoph wrote:
>> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
>>> last week, there was an article on heise security about MTAs[1] which
>>> relay mails for hosts having a reverse resolution of 'localhost'.
>
Re,
#Lupe Christoph wrote:
> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
>> last week, there was an article on heise security about MTAs[1] which
>> relay mails for hosts having a reverse resolution of 'localhost'. Doing
>> a small test shows that sendmail on etch seems to be vulnerab
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
> last week, there was an article on heise security about MTAs[1] which
> relay mails for hosts having a reverse resolution of 'localhost'. Doing
> a small test shows that sendmail on etch seems to be vulnerable, too. I
> need to h
Hi,
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'. Doing
a small test shows that sendmail on etch seems to be vulnerable, too. I
need to have a localhost RELAY line in my access file (which is not
default