At 11:53 AM 12/27/98 +0000, Chuck Foster wrote:
>On Mon, 21 Dec 1998, Mark Delany wrote:
>> I'm not sure I understand the allusion here. But be that as it may,
>> tcpserver doesn't use the domain name to set RELAYCLIENT, it uses the ip
>> address.
>>
>> So, regardless of whether you use -P/-p, your system isn't vulnerable to
>> 3rd-party relay abuse. All it means is that TCPREMOTEHOST is not reliable.
>
>Hmm, with all this talk I thought I had better have a poke through my
>domain name patch for tcpserver to see how I approached it. The ruleset

Ahh. So it was your patch. I couldn't quite recall.

>check is done after all of Dan's paranoid code and only looks up if
>"paranoid" hosts are merely logged rather than blocked; unless my
>code-reading is really up the creek this morning(!) this should mean that
>if the -A option is specified then the name lookup isn't prone.
>
>So, using -pnA or -pNA should avoid letting a bogus domain through.
>(I knew I'd added it for something :-)).

I've no doubt that someone of Chuck's capabilities added it for good reason
- nonetheless, it's interesting to note that he thought it worth revisiting,
just in case. In the same vein, one may be critical of Wietse, but he has
been around the traps for a while and his error rate is almost certainly
well below average.

All this means to me is that it's hard getting security right.

Obqmail: My reckoning is that DjB released qmail with the security
confidence level at "I think it's right". There are no certainties in this
business, all we are doing is reducing the uncertainties. And luckily some
appear quite good at it.

Regards.
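
Added example, not part of the original message and not code from tcpserver or from the domain name patch: a Python sketch of why a relay decision keyed on the peer's IP address is unaffected by an unreliable reverse-DNS name, while a decision keyed on the name is safe only after the forward-confirming ("paranoid") check. The DNS tables, networks and function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data. The owner of 203.0.113.7 controls that address's PTR
# record and points it at a name they do not own; the real host is 192.0.2.10.
PTR = {"203.0.113.7": "mail.trusted.example",
       "192.0.2.10": "mail.trusted.example"}
A = {"mail.trusted.example": {"192.0.2.10"}}


def remote_host(ip, paranoid):
    """Name a server would record for the peer, or None if no usable name."""
    name = PTR.get(ip)
    if name is None:
        return None
    # Paranoid mode: the name must resolve back to the connecting address,
    # otherwise the name is discarded.
    if paranoid and ip not in A.get(name, set()):
        return None
    return name


def relay_by_ip(ip, networks):
    """Relay decision keyed on the peer address only (no DNS involved)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def relay_by_name(ip, domain, paranoid):
    """Relay decision keyed on the peer's reverse-DNS name (hypothetical rule)."""
    name = remote_host(ip, paranoid)
    return name is not None and (name == domain or name.endswith("." + domain))


def decisions(ip):
    return {
        "by_ip": relay_by_ip(ip, ["192.0.2.0/24"]),
        "by_name_unchecked": relay_by_name(ip, "trusted.example", paranoid=False),
        "by_name_paranoid": relay_by_name(ip, "trusted.example", paranoid=True),
    }


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7"):
        print(ip, decisions(ip))
```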