On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote:
> Lupe Christoph wrote:
>> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
>>> last week, there was an article on heise security about MTAs[1] which
>>> relay mails for hosts having a reverse resolution of 'localhost'.
>>> Doing a small test shows that sendmail on etch seems to be
>>> vulnerable, too. I need to have a localhost RELAY line in my access
>>> file (which is not default AFAIK).

>>> Will there be a DSA on this issue, since it seems to turn Sendmail
>>> installations with allowed localhost RELAYing into Open Relays?

>> Are you saying you want a DSA for a package that does not have that
>> particular vulnerability, but allows a user to create it?

> if an access line like:

>   Connect:localhost RELAY

> turns an MTA into an Open Relay then I would prefer a DSA, since the ACL
> implementation is broken IMHO.

Well, a line like this:

  Connect:spammer.com RELAY

does the same, so, as I said, just don't do it.

I still don't see why on one hand you say that you need a localhost
line, and then complain that it hurts you. Why can't you use 127.0.0.1
or localhost.mydomain?

Lupe Christoph
-- 
| There is no substitute for bad design except worse design. |
| /me |
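
Added example, not part of the thread and not code from either poster: a small audit of a sendmail access map that flags RELAY entries keyed on a host name, with the bare `localhost` key discussed above ranked highest. The sample map, the function names and the severity labels are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample access map (not taken from any system in the thread).
SAMPLE_ACCESS = """\
# sendmail access map
Connect:localhost        RELAY
Connect:127.0.0.1        RELAY
localhost.example.org    RELAY
Connect:192.0.2          RELAY
spammer.example          REJECT
GreetPause:localhost     0
"""

def is_ip_key(key):
    """True for IP literals, IPv6:-prefixed keys and dotted IPv4 prefixes (192.0.2)."""
    if key.lower().startswith("ipv6:"):
        return True
    try:
        ipaddress.ip_address(key)
        return True
    except ValueError:
        return re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,2}", key) is not None

def audit_access(text):
    """Return (line_no, key, severity) for RELAY entries keyed on a host name."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#") or fields[1].upper() != "RELAY":
            continue
        key = fields[0]
        lower = key.lower()
        if lower.startswith("connect:"):
            key = key[len("connect:"):]
        elif lower.startswith(("from:", "to:")):
            continue  # sender/recipient entries, not client-connection entries
        if is_ip_key(key):
            continue  # address-based entry, e.g. the 127.0.0.1 form suggested above
        # Bare "localhost" is the key the thread is about; other names need a look.
        severity = "high" if key.lower().rstrip(".") == "localhost" else "review"
        findings.append((no, key, severity))
    return findings

if __name__ == "__main__":
    for no, key, severity in audit_access(SAMPLE_ACCESS):
        print(f"line {no}: RELAY keyed on host name {key!r} [{severity}]")
```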