2003-03-10T14:12:04 Tim Thornton:
> I understand that Qmail is not vulnerable to the
> recent Sendmail issue, but I want to know if Qmail will
> still forward the sendmail vulnerability "modified
> oversized header" downstream to other MTAs, thus
> leaving downstream sendmail servers open to the
> vulnerability.

I don't know if it _does_, but it would not be incorrect for it to do so. The message headers in question are odd, and unexpected, but this isn't an issue of a technically illegal header that sendmail doesn't defend against; it's a theoretically valid if extremely weird header that provokes unexpected behavior from a real bug in sendmail.

Given qmail's componentized modular architecture, it should be fairly reasonable to plug a filtering component in the mail flow path. I haven't used qmail in a few years and don't know for sure what API would be most convenient for such filtering, but if an SMTP->SMTP passthrough proxy would be convenient I've got a framework[1] for assembling such proxies that would make this pretty easy. A proxy that quarantined any message that contained a long string of <><> anywhere in the headers (i.e. before the first \r\n\r\n of the DATA body) would have very few false positives and would be quite straightforward.

-Bennett
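
The header check described in the reply above, sketched as an added example (not code from the original message or from the proxy framework it mentions). The threshold of 16 pairs, the function names, and the handling of folded header lines are assumptions that go beyond what the post specifies; the sample messages are constructed.

```python
import re

# Assumption: the post does not quantify "long"; 16 consecutive "<>" pairs
# is a constructed threshold to tune against real traffic.
MIN_PAIRS = 16
# A run of "<>" pairs, tolerating spaces/tabs left behind by header folding.
RUN = re.compile(rb"(?:<>[ \t]*){%d,}" % MIN_PAIRS)
# A CRLF followed by whitespace is a folded continuation line, not a new field.
FOLD = re.compile(rb"\r\n(?=[ \t])")


def header_block(data: bytes) -> bytes:
    """Everything before the first CRLF CRLF of the DATA payload."""
    end = data.find(b"\r\n\r\n")
    return data if end == -1 else data[:end]


def suspicious_fields(data: bytes) -> list:
    """Names of header fields that contain a long run of "<>" pairs."""
    unfolded = FOLD.sub(b"", header_block(data))
    hits = []
    for line in unfolded.split(b"\r\n"):
        if RUN.search(line):
            hits.append(line.split(b":", 1)[0].decode("ascii", "replace"))
    return hits


def verdict(data: bytes) -> str:
    """Quarantine on any hit in the headers; the body is never inspected."""
    return "quarantine" if suspicious_fields(data) else "deliver"


# Constructed sample messages.
# Null return path (a single "<>") and a long run only in the body: deliver.
CLEAN = (b"Return-Path: <>\r\nFrom: Alice <alice@example.org>\r\n"
         b"Subject: hi\r\n\r\n" + b"<>" * 40 + b"\r\n")
# Long run inside an address header: quarantine.
SUSPECT = (b"From: " + b"<>" * 40 + b" user@example.org\r\n"
           b"Subject: x\r\n\r\nbody\r\n")
# The same run split across a folded continuation line: still quarantined.
FOLDED = (b"To: " + b"<>" * 10 + b"\r\n\t" + b"<>" * 10 + b"\r\n"
          b"Subject: y\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("suspect", SUSPECT), ("folded", FOLDED)):
        print(name, verdict(msg), suspicious_fields(msg))
```
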
