Re: sendmail & localhost rDNS
* Lupe Christoph <firstname.lastname@example.org> [090810 13:53]:
> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
> > last week, there was an article on heise security about MTAs which
> > relay mails for hosts having a reverse resolution of 'localhost'. Doing
> > a small test shows that sendmail on etch seems to be vulnerable, too. I
> > need to have a localhost RELAY line in my access file (which is not
> > default AFAIK).
> > Will there be a DSA on this issue, since it seems to turn Sendmail
> > installations with allowed localhost RELAYing into Open Relays?
> Are you saying you want a DSA for a package that does not have that
> particular vulnerability, but allows a user to create it?
> "Doctor, it hurts when I do this!" "Don't do it, then."
"Help, help my computer does funny things!" "Don't power it up, then."
Almost all security holes need to user to do something. (If only to
power up the machine, to install some packages, to connect to the
internet, to give accounts to users). The question cannot be that
something has to be done do make people vulnerable, but whether properly
sane and educated people can guess that something opens a security
Bernhard R. Link