
Re: sendmail & localhost rDNS



If sendmail would do a double lookup verify on the reverse DNS records,
there would be no problem at all.

When some obscure IP address has reverse DNS pointer record "localhost"
and sendmail would do another lookup to see what IP address belongs to
"localhost", then it would not match (obscure IP != 127.0.0.1) and the
access DB rule should not be valid for this connection.

Could someone from the Debian security team do some tests and check if
sendmail does the double lookup verify? If not, a DSA would be
appropriate and it should be patched.


With kind regards,

Michiel Klaver
IT professional


At 11-8-2009 10:45, Lupe Christoph wrote:
> OK, I give up. And shut up.
> 
> Please file a bug against the sendmail package, with the information
> that sendmail allows you to enter "Connect:localhost RELAY" in
> /etc/mail/access.
> 
> And another one that "Connect:127.0.0.1 RELAY" opens up the same hole as
> "Connect:localhost RELAY".
> 
> Since I have no sendmail installation to use for testing, I can't
> reproduce the second problem. The sendmail package maintainer will
> probably require the submitter to provide details which I can't.
> 
> Thank you,
> Lupe Christoph
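
The double lookup described in the message above (reverse lookup, then a forward lookup of the returned name, accepted only if it leads back to the connecting address), as an added example that is not part of the original post and is not sendmail's code. The function names, the injectable resolvers and the DNS data (documentation-range addresses) are assumptions made for the illustration.

```python
# Added illustration; function names and DNS data are assumptions, not sendmail's.
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """Addresses for name from the system resolver (empty list on failure)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def verified_client_name(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return a PTR name only if it resolves forward to the same ip, else None."""
    client = ipaddress.ip_address(ip)
    for name in ptr_lookup(ip):
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return name.rstrip(".").lower()
            except ValueError:
                continue  # resolver returned something that is not an address
    return None


def connect_rule_applies(rule_host, ip, **resolvers):
    """A hostname-keyed rule may match only a forward-confirmed client name."""
    name = verified_client_name(ip, **resolvers)
    return name is not None and name == rule_host.rstrip(".").lower()


# Constructed DNS data: 192.0.2.45 is an outside host whose PTR claims "localhost".
PTR = {"192.0.2.45": ["localhost."], "127.0.0.1": ["localhost."],
       "198.51.100.7": ["mx.example.org."]}
A = {"localhost.": ["127.0.0.1"], "mx.example.org.": ["198.51.100.7"]}
FAKE_DNS = {"ptr_lookup": lambda ip: PTR.get(ip, []),
            "forward_lookup": lambda name: A.get(name, [])}
```

With the constructed data, the outside address whose PTR record says "localhost" gets no verified name, so a rule keyed on the hostname "localhost" does not apply to it, while 127.0.0.1 still matches.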

