On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: > last week, there was an article on heise security about MTAs[1] which > relay mails for hosts having a reverse resolution of 'localhost'. Doing > a small test shows that sendmail on etch seems to be vulnerable, too. I > need to have a localhost RELAY line in my access file (which is not > default AFAIK).
> Will there be a DSA on this issue, since it seems to turn Sendmail > installations with allowed localhost RELAYing into Open Relays? Are you saying you want a DSA for a package that does not have that particular vulnerability, but allows a user to create it? "Doctor, it hurts when I do this!" "Don't do it, then." Lupe Christoph -- | There is no substitute for bad design except worse design. | | /me | -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
