-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/07/2011 09:18 AM, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 09:10 -0500, Matt Brookings wrote:
>>>> Unfortunately, the 5.4 branch does not understand "::1" as the loopback,
>>>> and it parses the value incorrectly, leading to an open relay situation.
>>>> Not all systems allow localhost to relay via SMTP without authentication.
>>>
>>> Doesn't it also mean that if someone connects via a remote IPv6 address,
>>> it again leads to open relay? How about the attached patch instead?
>>
>> Many systems will be running other qmail and vpopmail services from the
>> ucspi-tcp package which may not be patched to support IPv6. As a
>> result, when connecting to "::1", it will be translated to 127.0.0.1,
>> and as I said before, some systems will not allow localhost to send
>> without authentication.
>>
>> I understand it's introducing a hackish fix into your project, but I
>> will submit a new patch that updates this block of code when a proper
>> solution that will work across the various system configurations is
>> determined.
>
> It still seems safer to me to ignore all IPv6 addresses rather than ::1
> specifically. And as I understand it works just as well normally with
> both ways?
That will be fine. As long as it doesn't pass the IPv6 strings, and the
ifdef name is changed, all should work.
Thanks!
- --
/*
Matt Brookings <m...@inter7.com> GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3uiHsACgkQIwet2/rgZyw9PACcDHqW65HrFOn0ICSdOzCDoZRB
4F8AoIbftJIhfH/x8YOf4uKKtIbL3ORs
=tskj
-----END PGP SIGNATURE-----
