Hi, I'm posting this to cooker because is seems to be a security issue and I don't recall seeing it discussed here (since 7.2), and it should be fixed before the next release. I was keeping an eye on my LAN traffic and discovered that the results of the security checks (writeable files and open ports) was being sent to [EMAIL PROTECTED] (my ISP). YIKES!!! Talk about saving crackers the trouble of figuring it out for themselves...! I tracked this down to PostFix' trivial-rewrite which is appending its main.cf's "myorigin" to addresses which are not fully qualified. I'm not sure which is the best way to resolve this... I have a small home LAN with all hosts in a private DN (mydomain=foo.home); hence my use of myorigin=skybest.com in /etc/postfix/main.cf... ethereal will tell me tomorrow if changing /etc/postfix/aliases to: # Person who should get root's mail root: [EMAIL PROTECTED] fixes this hole which transmits details of my writeable files and open ports outside my network. However, 'news' is also getting rewritten to [EMAIL PROTECTED] My dilema is that there should be a central fix for this vs having to find all the possible services that send to local recipients. Any thoughts on the proper way to close this leak...? Or did I totally misunderstand the use of "myorigin"..? Thanks, Pierre
