Bug#329625: sendmail: Default MaxHopCount is too low (25 while RFC 2821 recommends at least 100)

Thu, 22 Sep 2005 05:31:47 -0700 

Package: sendmail
Version: 8.13.4-3
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sendmail uses a default MaxHopCount of only 25, which is clearly too low in
todays email world with stacked virus scanners, spam filters and multiple 
internal gateways.

RFC 2821 doesn't give an absolute limit, but has a clear recommendation:

<quote>
6.2 Loop Detection

   Simple counting of the number of "Received:" headers in a message has
   proven to be an effective, although rarely optimal, method of
   detecting loops in mail systems.  SMTP servers using this technique
   SHOULD use a large rejection threshold, normally at least 100
   Received entries.  Whatever mechanisms are used, servers MUST contain
   provisions for detecting and stopping trivial loops.
</quote>

I believe the Debian sendmail package should set a default that complies
with this recommendation, either by changing the default at compile time 
or at least by providing an example sendmail.mc with
define(`confMAX_HOP', `100')


- -- Package-specific info:
Ouput of /usr/share/bug/sendmail/script:

ls -alR /etc/mail:
/etc/mail:
total 392
drwxr-sr-x    9 smmta  smmsp   4096 2005-09-21 16:06 .
drwxr-xr-x  132 root   root    8192 2005-09-19 12:13 ..
- -rw-r--r--    1 root   root    1055 2005-09-21 16:06 access
- -rw-r-----    1 smmta  smmsp  12288 2005-09-21 16:06 access.db
- -rw-r--r--    1 root   root     281 2004-09-21 20:51 address.resolve
- -rw-r--r--    1 root   root    1476 2005-07-18 10:37 aliases
- -rw-r--r--    1 smmta  smmsp  12288 2005-07-18 10:55 aliases.db
drwxr-xr-x    2 root   smmsp   4096 2005-09-08 13:18 CVS
- -rw-r--r--    1 root   smmsp   3590 2005-09-06 15:23 databases
- -rw-r-----    1 smmta  smmsp     31 2001-04-30 00:16 default-auth-info
- -r--r--r--    1 daemon daemon  5588 2004-12-16 02:34 helpfile
- -rw-r--r--    1 root   root     163 2005-01-20 18:38 local-host-names
- -rw-r--r--    1 root   root    1706 2003-09-16 09:05 local_virtusertable
drwxr-sr-x    2 smmta  smmsp   4096 2005-09-18 03:31 m4
- -rw-r--r--    1 root   smmsp     96 2003-04-07 19:23 mailertable
- -rw-r-----    1 root   smmsp  12288 2005-06-05 22:40 mailertable.db
- -rwxr-xr--    1 root   smmsp  11777 2005-09-06 15:23 Makefile
drwxr-sr-x    2 root   smmsp   4096 2005-09-06 15:18 OLD
drwxr-xr-x    2 root   root    4096 2005-06-05 22:40 peers
- -rw-r--r--    1 root   root      72 2003-04-07 19:23 relay-domains
drwxr-xr-x    2 smmta  smmsp   4096 2004-10-13 10:05 sasl
- -rw-r--r--    1 root   smmsp  59780 2005-09-06 15:23 sendmail.cf
- -rw-r--r--    1 root   root   59778 2005-06-05 22:40 sendmail.cf.old
- -rw-r--r--    1 root   root   11867 2005-06-05 22:40 sendmail.conf
- -rw-r--r--    1 root   smmsp   1096 2005-05-12 17:54 sendmail.mc
- -rw-r--r--    1 root   root     149 2001-01-15 18:49 service.switch
- -rw-r--r--    1 root   root     180 2001-01-15 18:49 service.switch-nodns
drwxr-sr-x    2 smmta  smmsp   4096 2004-10-11 14:38 smrsh
lrwxrwxrwx    1 root   root      15 2005-07-02 03:30 spamassassin -> 
../spamassassin
- -rw-r--r--    1 root   smmsp  41799 2005-06-05 22:40 submit.cf
- -rw-r--r--    1 root   root   41780 2005-06-05 22:40 submit.cf.old
- -rw-r--r--    1 root   smmsp    580 2005-06-05 22:40 submit.mc
drwxr-xr-x    2 smmta  smmsp   4096 2005-01-11 16:00 tls
- -rw-r--r--    1 root   root      71 2003-04-07 19:23 trusted-users
- -rw-r--r--    1 root   smmsp    117 2005-01-20 18:38 virtusertable
- -rw-r-----    1 root   smmsp  12288 2005-06-05 22:40 virtusertable.db

/etc/mail/CVS:
total 20
drwxr-xr-x  2 root  smmsp 4096 2005-09-08 13:18 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
- -rw-r--r--  1 root  root   402 2005-09-08 13:18 Entries
- -rw-r--r--  1 root  smmsp   17 2003-04-02 11:18 Repository
- -rw-r--r--  1 root  smmsp   19 2003-04-02 11:18 Root

/etc/mail/m4:
total 12
drwxr-sr-x  2 smmta smmsp 4096 2005-09-18 03:31 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
- -rw-r--r--  1 root  root   789 2004-11-07 17:32 clamav-milter.m4
- -rw-r-----  1 root  smmsp    0 2002-10-23 02:21 dialup.m4
- -rw-r-----  1 root  smmsp    0 2002-10-23 02:21 provider.m4

/etc/mail/OLD:
total 12
drwxr-sr-x  2 root  smmsp 4096 2005-09-06 15:18 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
- -rw-r--r--  1 root  root   683 2001-03-27 23:27 sasl.mc

/etc/mail/peers:
total 12
drwxr-xr-x  2 root  root  4096 2005-06-05 22:40 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
- -rw-r--r--  1 root  root   328 2001-07-18 00:11 provider

/etc/mail/sasl:
total 20
drwxr-xr-x  2 smmta smmsp 4096 2004-10-13 10:05 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
- -rwxr--r--  1 root  root  3655 2005-09-06 15:22 sasl.m4
- -rw-r-----  1 smmta smmsp  748 2004-10-13 10:10 Sendmail.conf.2
- -rw-r-----  1 smmta smmsp  610 2003-03-04 14:49 Sendmail.conf.2.OLD

/etc/mail/smrsh:
total 8
drwxr-sr-x  2 smmta smmsp 4096 2004-10-11 14:38 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
lrwxrwxrwx  1 root  root    26 2003-04-24 18:56 mail.local -> 
/usr/lib/sm.bin/mail.local
lrwxrwxrwx  1 root  root    17 2003-04-24 18:56 procmail -> /usr/bin/procmail
lrwxrwxrwx  1 root  root    17 2003-04-24 18:56 vacation -> /usr/bin/vacation

/etc/mail/tls:
total 20
drwxr-xr-x  2 smmta smmsp 4096 2005-01-11 16:00 .
drwxr-sr-x  9 smmta smmsp 4096 2005-09-21 16:06 ..
- -rw-r--r--  1 root  root     7 2003-03-04 14:32 no_prompt
lrwxrwxrwx  1 root  smmsp   37 2003-05-01 00:01 sendmail-client.crt -> 
/etc/ssl/CA/certs/canardo.mork.no.crt
lrwxrwxrwx  1 root  smmsp   37 2003-05-01 00:01 sendmail-common.key -> 
/etc/ssl/CA/certs/canardo.mork.no.crt
lrwxrwxrwx  1 root  smmsp   37 2003-05-01 00:01 sendmail-server.crt -> 
/etc/ssl/CA/certs/canardo.mork.no.crt
- -rwxr--r--  1 root  root  3155 2005-06-05 22:40 starttls.m4
- -rw-r--r--  1 smmta smmsp 2109 2003-03-03 23:36 starttls.m4.OLD

sendmail.conf:
DAEMON_NETMODE="Static";
DAEMON_NETIF="lo";
DAEMON_MODE="Daemon";
DAEMON_PARMS="";
DAEMON_HOSTSTATS="Yes";
DAEMON_MAILSTATS="Yes";
QUEUE_MODE="${DAEMON_MODE}";
QUEUE_INTERVAL="15";
QUEUE_PARMS="";
MSP_MODE="Cron";
MSP_INTERVAL="180";
MSP_PARMS="";
MSP_MAILSTATS="Yes";
MISC_PARMS="";
CRON_MAILTO="root";
CRON_PARMS="";
LOG_CMDS="No";
HANDS_OFF="No";
AGE_DATA="";
DAEMON_RUNASUSER="No";
DAEMON_STATS="${DAEMON_MAILSTATS}";
MSP_STATS="${MSP_MAILSTATS}";


sendmail.mc:
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
include(`/etc/mail/tls/starttls.m4')dnl
include(`/etc/mail/sasl/sasl.m4')dnl
include(`/etc/mail/m4/clamav-milter.m4')dnl
VERSIONID(`$Id: sendmail.mc,v 1.19 2005/05/12 15:54:42 bjorn Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')dnl
undefine(`confCF_VERSION')dnl
undefine(`confTLS_SRV_OPTIONS')dnl # remove V to make sendmail verify client 
certificates
FEATURE(`nouucp', `nospecial')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`virtusertable')dnl
FEATURE(`access_db')dnl
FEATURE(`local_procmail')dnl
FEATURE(`delay_checks')dnl
FEATURE(`mailertable')dnl
define(`RELAY_MAILER_ARGS',`TCP $h 1025')dnl
define(`LOCAL_MAILER_FLAGS',`SPfhn8')dnl
MAILER(local)dnl
MAILER(smtp)dnl

submit.mc...
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: submit.mc,v 1.5 2005/01/12 16:14:18 bjorn Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-msp')dnl
FEATURE(`msp', `[127.0.0.1]', `MSA')dnl
define(`confCACERT_PATH',     `/etc/ssl/certs')dnl
define(`confCACERT',          `/etc/ssl/certs/ca-certificates.crt')dnl
define(`confCLIENT_CERT',     `/etc/mail/tls/sendmail-client.crt')dnl
define(`confCLIENT_KEY',      `/etc/mail/tls/sendmail-common.key')dnl
define(`confDONT_BLAME_SENDMAIL', 
defn(`confDONT_BLAME_SENDMAIL')`,GroupReadableKeyFile')dnl'


- -- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages sendmail depends on:
ii  rmail                         8.13.4-3   MTA->UUCP remote mail handler
ii  sendmail-base                 8.13.4-3   powerful, efficient, and scalable 
ii  sendmail-bin                  8.13.4-3   powerful, efficient, and scalable 
ii  sendmail-cf                   8.13.4-3   powerful, efficient, and scalable 
ii  sensible-mda                  8.13.4-3   Mail Delivery Agent wrapper

Versions of packages sensible-mda depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  procmail                    3.22-11      Versatile e-mail processor
ii  sendmail-bin [mail-transpor 8.13.4-3     powerful, efficient, and scalable 

Versions of packages rmail depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libldap2                    2.1.30-8     OpenLDAP libraries
ii  sendmail-bin [mail-transpor 8.13.4-3     powerful, efficient, and scalable 

Versions of packages libmilter0 depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDMpbv10rqkowbIskRAhZPAJ9hii3tuYzZDdCGAhnoRswJm04xmgCfSDjD
yFQVZ+0jcMo+EbVXkktY3QE=
=AnqX
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to