Re: sendmail & localhost rDNS
On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote:
> Lupe Christoph wrote:
>> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
>>> last week, there was an article on heise security about MTAs[1] which
>>> relay mails for hosts having a reverse resolution of 'localhost'.
>>> Doing a small test shows that sendmail on etch seems to be
>>> vulnerable, too. I need to have a localhost RELAY line in my access
>>> file (which is not default AFAIK).
>>> Will there be a DSA on this issue, since it seems to turn Sendmail
>>> installations with allowed localhost RELAYing into Open Relays?
>> Are you saying you want a DSA for a package that does not have that
>> particular vulnerability, but allows a user to create it?
> if an access line like:
> Connect:localhost RELAY
> turns an MTA into an Open Relay then I would prefer a DSA, since the ACL
> implementation is broken IMHO.
Well, a line like this:
Connect:spammer.com RELAY
does the same, so, as I said, just don't do it. I still don't see why
on one hand you say that you need a localhost line, and then complain
that it hurts you.
Why can't you use 127.0.0.1 or localhost.mydomain?
Lupe Christoph
--
| There is no substitute for bad design except worse design. |
| /me |
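
An audit for the kind of access entry discussed in this thread, as an added example that is not part of the original messages or of sendmail itself: it lists client RELAY entries keyed on a host name (such as localhost) rather than on an address (such as 127.0.0.1). The sample access file and the function names are constructed for illustration, and it assumes untagged host entries apply to the connecting client as well.

```python
import ipaddress

# Constructed sample access file for illustration (not from the thread).
SAMPLE_ACCESS = """\
# constructed sample
Connect:localhost       RELAY
Connect:127.0.0.1       RELAY
Connect:192.168         RELAY
Connect:IPv6:::1        RELAY
mail.example.net        RELAY
Connect:spammer.com     REJECT
To:example.org          RELAY
"""

def client_key(key):
    """Return the part of an access key matched against the client, else None."""
    if key.lower().startswith("connect:"):
        return key[len("connect:"):]
    if key.lower().startswith("ipv6:") or (":" not in key and "@" not in key):
        return key  # untagged host/address entries also apply to the client
    return None     # To:, From:, other tags, mail addresses

def is_address(key):
    """True for an IPv4 address or dotted prefix, or an IPv6:-prefixed address."""
    if key.lower().startswith("ipv6:"):
        try:
            ipaddress.IPv6Address(key[5:])
            return True
        except ValueError:
            return False
    parts = key.split(".")
    return len(parts) <= 4 and all(p.isdigit() and int(p) <= 255 for p in parts)

def name_based_relays(text):
    """List (line number, key) for client RELAY entries keyed on a host name."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key = client_key(fields[0])
        if key and fields[1].upper() == "RELAY" and not is_address(key):
            found.append((lineno, key))
    return found

if __name__ == "__main__":
    for lineno, key in name_based_relays(SAMPLE_ACCESS):
        print(f"line {lineno}: RELAY granted by client name '{key}'")
```

Each reported entry grants relaying on the strength of the name the client's address resolves to, so it is a candidate for replacement with an address key.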