Re,
Jan de Groot wrote:
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote:
if an access line like:
Connect:localhost RELAY
turns a MTA into an Open Relay than I would prefere a DSA, since the
ACL
implementation is broken IMHO.
As long as reverse DNS can be faked, I would never use hostnames in my
configuration files like that. If the debian package doesn't ship with
this ACL as default, I don't see reason for a DSA.
the problem is even more worse. Replacing localhost with 127.0.0.1 as
suggested by Lupe Christoph doesn't change anything. I can still relay
if my reverse DNS resolves to localhost.
Regards,
Thomas
--
supp...@ibh.de Tel. +49 351 477 77 30
www.ibh.de Fax +49 351 477 77 39
-----------------------------------------------------------------------
Dipl.-Ing. Thomas Liske
Netzwerk- und System-Design
IBH IT-Service GmbH Amtsgericht Dresden
Gostritzer Str. 61-63 HRB 13626
D-01217 Dresden GF: Prof. Dr. Thomas Horn
Germany VAT DE182302907
-----------------------------------------------------------------------
Ihr Partner für: LAN, WAN IP-Quality, Security, VoIP, SAN, Backup, USV
-----------------------------------------------------------------------
professioneller IT-Service - kompetent und zuverlässig
-----------------------------------------------------------------------
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
