On Tue, Aug 11, 2009 at 10:56:57AM +0200, Joerg Morbitzer wrote:
I just did a fresh sendmail installation on Debian Etch getting this
auto-generated new /etc/mail/access file:
titan:~# grep ^Connect:.*RELAY /etc/mail/access
Connect:localhost RELAY
Connect:127
* Lupe Christoph l...@lupe-christoph.de [090810 21:13]:
Almost all security holes need to user to do something. (If only to
power up the machine, to install some packages, to connect to the
internet, to give accounts to users). The question cannot be that
something has to be done do make
Re,
Lupe Christoph wrote:
On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote:
* Lupe Christoph l...@lupe-christoph.de [090810 13:53]:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails
OK, I give up. And shut up.
Please file a bug against the sendmail package, with the information
that sendmail allows you to enter Connect:localhost RELAY in
/etc/mail/access.
And another one that Connect:127.0.0.1 RELAY opens up the same hole as
Connect:localhost RELAY.
Since I have no
On Tuesday, 2009-08-11 at 10:32:04 +0200, Bernhard R. Link wrote:
* Lupe Christoph l...@lupe-christoph.de [090810 21:13]:
Almost all security holes need to user to do something. (If only to
power up the machine, to install some packages, to connect to the
internet, to give accounts to
Lupe Christoph wrote:
OK, I give up. And shut up.
Please file a bug against the sendmail package, with the information
that sendmail allows you to enter Connect:localhost RELAY in
/etc/mail/access.
And another one that Connect:127.0.0.1 RELAY opens up the same hole as
Connect:localhost
* Lupe Christoph l...@lupe-christoph.de [090811 10:56]:
So it is in my eyes no criteria at all that the user has to change some
configuration. The question is whether this change is supposed to cause
the effects it does and if a user can be expected to understand the
effects.
Please go
If sendmail would do a double lookup verify on the reverse DNS records,
there would be no problem at all.
When some obscure IP address has reverse DNS pointer record localhost
and sendmail would do another lookup to see what IP address belongs to
localhost, then it would not match (obscure IP !=
Hi,
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'. Doing
a small test shows that sendmail on etch seems to be vulnerable, too. I
need to have a localhost RELAY line in my access file (which is not
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'. Doing
a small test shows that sendmail on etch seems to be vulnerable, too. I
need to have
Re,
#Lupe Christoph wrote:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'. Doing
a small test shows that sendmail on etch seems to be
On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote:
#Lupe Christoph wrote:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'.
Doing a
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
if an access line like:
Connect:localhost RELAY
turns a MTA into an Open Relay than I would prefere a DSA, since the
ACL
implementation is broken IMHO.
As long as reverse DNS can be faked, I would never use hostnames
Re,
Jan de Groot wrote:
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
if an access line like:
Connect:localhost RELAY
turns a MTA into an Open Relay than I would prefere a DSA, since the
ACL
implementation is broken IMHO.
As long as reverse DNS can be faked, I would
* Jan de Groot j...@jgc.homeip.net [090810 14:22]:
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
if an access line like:
Connect:localhost RELAY
turns a MTA into an Open Relay than I would prefere a DSA, since the
ACL
implementation is broken IMHO.
As long
* Lupe Christoph l...@lupe-christoph.de [090810 13:53]:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'. Doing
a small test shows that
On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote:
* Lupe Christoph l...@lupe-christoph.de [090810 13:53]:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a
17 matches
Mail list logo