Re: sendmail & localhost rDNS

2009-08-10 Thread Lupe Christoph
On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote: > * Lupe Christoph [090810 13:53]: > > On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: > > > last week, there was an article on heise security about MTAs[1] which > > > relay mails for hosts having a reverse resolutio

Re: sendmail & localhost rDNS

2009-08-10 Thread Bernhard R. Link
* Lupe Christoph [090810 13:53]: > On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: > > > last week, there was an article on heise security about MTAs[1] which > > relay mails for hosts having a reverse resolution of 'localhost'. Doing > > a small test shows that sendmail on etch

RE: [SECURITY] [DSA 1854-1] New APR packages fix arbitrary code execution

2009-08-10 Thread Henson, Shawn Ms CTR USA MEDCOM JMLFDC
I guess I will run apt-get upgrade everywhere; it's available on drepo as of this morning. Shawn Henson CTR-EDS, an HP Company DMLSS/JMLFDC/IST 1681 Nelson St, Ft Detrick, MD 21702 DSN 343-9712, COM 301-619-9712, FAX 301-619-7831 -----Original Message----- From: Florian Weimer [mailto:f...

Re: sendmail & localhost rDNS

2009-08-10 Thread Bernhard R. Link
* Jan de Groot [090810 14:22]: > On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote: > > if an access line like: > > > > Connect:localhost RELAY > > > > turns an MTA into an Open Relay then I would prefer a DSA, since the > > ACL > > implementation is broken IMHO. > > As long as r

Re: sendmail & localhost rDNS

2009-08-10 Thread Thomas Liske
Re, Jan de Groot wrote: On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote: if an access line like: Connect:localhost RELAY turns an MTA into an Open Relay then I would prefer a DSA, since the ACL implementation is broken IMHO. As long as reverse DNS can be faked, I would

Re: sendmail & localhost rDNS

2009-08-10 Thread Jan de Groot
On Mon, 2009-08-10 at 14:03 +0200, Thomas Liske wrote: > if an access line like: > > Connect:localhost RELAY > > turns an MTA into an Open Relay then I would prefer a DSA, since the > ACL > implementation is broken IMHO. As long as reverse DNS can be faked, I would never use hostn

Re: sendmail & localhost rDNS

2009-08-10 Thread Lupe Christoph
On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote: > #Lupe Christoph wrote: >> On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: >>> last week, there was an article on heise security about MTAs[1] which >>> relay mails for hosts having a reverse resolution of 'localhost'. >

Re: sendmail & localhost rDNS

2009-08-10 Thread Thomas Liske
Re, #Lupe Christoph wrote: On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a small test shows that sendmail on etch seems to be vulnerab

Re: sendmail & localhost rDNS

2009-08-10 Thread Lupe Christoph
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote: > last week, there was an article on heise security about MTAs[1] which > relay mails for hosts having a reverse resolution of 'localhost'. Doing > a small test shows that sendmail on etch seems to be vulnerable, too. I > need to h

sendmail & localhost rDNS

2009-08-10 Thread Thomas Liske
Hi, last week, there was an article on heise security about MTAs[1] which relay mails for hosts having a reverse resolution of 'localhost'. Doing a small test shows that sendmail on etch seems to be vulnerable, too. I need to have a localhost RELAY line in my access file (which is not default