Re: sendmail & localhost rDNS

To: Thomas Liske <liske@ibh.de>
Cc: debian-security@lists.debian.org
Subject: Re: sendmail & localhost rDNS
From: Lupe Christoph <lupe@lupe-christoph.de>
Date: Mon, 10 Aug 2009 13:53:12 +0200
Message-id: <[🔎] 20090810115312.GE25566@lupe-christoph.de>
Mail-followup-to: Thomas Liske <liske@ibh.de>, debian-security@lists.debian.org
In-reply-to: <[🔎] 4A80089E.300@ibh.de>
References: <[🔎] 4A80089E.300@ibh.de>

On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:

> last week, there was an article on heise security about MTAs[1] which  
> relay mails for hosts having a reverse resolution of 'localhost'. Doing  
> a small test shows that sendmail on etch seems to be vulnerable, too. I  
> need to have a localhost RELAY line in my access file (which is not  
> default AFAIK).

> Will there be a DSA on this issue, since it seems to turn Sendmail  
> installations with allowed localhost RELAYing into Open Relays?

Are you saying you want a DSA for a package that does not have that
particular vulnerability, but allows a user to create it?

"Doctor, it hurts when I do this!" "Don't do it, then."

Lupe Christoph
-- 
| There is no substitute for bad design except worse design.                   |
| /me                                                                          |

Reply to:

Follow-Ups:
- Re: sendmail & localhost rDNS
  - From: Thomas Liske <liske@ibh.de>

References:
- sendmail & localhost rDNS
  - From: Thomas Liske <liske@ibh.de>

Prev by Date: sendmail & localhost rDNS
Next by Date: Re: sendmail & localhost rDNS
Previous by thread: sendmail & localhost rDNS
Next by thread: Re: sendmail & localhost rDNS
Index(es):
- Date
- Thread