Re: sendmail & localhost rDNS
Re,
#Lupe Christoph wrote:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'. Doing
a small test shows that sendmail on etch seems to be vulnerable, too. I
need to have a localhost RELAY line in my access file (which is not
default AFAIK).
Will there be a DSA on this issue, since it seems to turn Sendmail
installations with allowed localhost RELAYing into Open Relays?
Are you saying you want a DSA for a package that does not have that
particular vulnerability, but allows a user to create it?
if an access line like:
Connect:localhost RELAY
turns a MTA into an Open Relay than I would prefere a DSA, since the ACL
implementation is broken IMHO.
Regards,
Thomas
--
support@ibh.de Tel. +49 351 477 77 30
www.ibh.de Fax +49 351 477 77 39
-----------------------------------------------------------------------
Dipl.-Ing. Thomas Liske
Netzwerk- und System-Design
IBH IT-Service GmbH Amtsgericht Dresden
Gostritzer Str. 61-63 HRB 13626
D-01217 Dresden GF: Prof. Dr. Thomas Horn
Germany VAT DE182302907
-----------------------------------------------------------------------
Ihr Partner für: LAN, WAN IP-Quality, Security, VoIP, SAN, Backup, USV
-----------------------------------------------------------------------
professioneller IT-Service - kompetent und zuverlässig
-----------------------------------------------------------------------
Reply to: