Jessica Perry Hekman <[EMAIL PROTECTED]> writes: > They said I should just use sendmail. I quoted them the comment in > Defaults.py which explains that that's insecure, and they said it > wasn't insecure on their server since their sendmail is just a > wrapper around qmail.
When OUTGOINGMAIL = 'sendmail', TMDA sends mail with the sendmail interface like such: /usr/sbin/sendmail -f 'envelope_sender' -- 'envelope_recipient' Thus, if someone sends you a message with some shell command as their Return-Path, there is a chance it could be executed by the shell when the above sendmail command is run. I haven't examined this issue in depth, because the smtp method is available which is not vulnerable to this type of attack. My warning in the comments comes directly from Mailman which also recommends against using sendmail. In fact, in the latest Mailman (2.1b3), using sendmail is no longer a configurable option. You now have to go edit some source code to enable it. That's how strongly they feel about it. I know not whether this issue is MTA-independent or not. It may very well be that qmail can not be exploited in this way. _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
