On Mon, 21 Dec 1998, Mark Delany wrote:
> I'm not sure I understand the allusion here. But be that as it may,
> tcpserver doesn't use the domain name to set RELAYCLIENT, it uses the ip
> address.
>
> So, regardless of whether you use -P/-p, your system isn't vulnerable to
> 3rd-party relay abuse. All it means is that TCPREMOTEHOST is not reliable.
Hmm, with all this talk I thought I had better have a poke through my
domain name patch for tcpserver to see how I approached it. The ruleset
check is done after all of Dan's paranoid code and only looks up if
"paranoid" hosts are merely logged rather than blocked; unless my
code-reading is really up the creek this morning(!) this should mean that
if the -A option is specified then the name lookup isn't prone.
So, using -pnA or -pNA should avoid letting a bogus domain through.
(I knew I'd added it for something :-)).
C.
[but then, you only used my code at your own risk!]
