The sendmail.cf that comes with RedHat 5.x (sendmail 8.8.7) doesn't work against the open relay problem, although it does contain most of the rules needed to do so. The way I got around it was to cut out the Scheck_rcpt and Sremove_local stuff in sendmail.cf and replace them with similar rulesets I found at http://www.sendmail.org/~ca/email/check.html#check_rcpt . The Scheck_rcpt and Sremovelocal sections listed here will stop all of the (currently) known relaying methods. I originally tried editing the existing sendmail.cf sections, but that didn't work (I must've screwed somthing up, 'cause it started relaying *everything*), so I eventually cut out both existing sections and pasted in the sections on said Web page. Once I did the cut-n-paste thing, I got my machine out of the ORBS (http://www.orbs.com) database. If it doesn't stop all unauthorized relaying, it at least blocks enough that ORBS can't relay through it. James James P. Callison Network Administrator The University of Oklahoma Law Center callisonat_private Dumb things don't happen by accident. It takes a highly skilled village of idiots. -- AutoWeek, 29 Dec 1997 -----Original Message----- From: Matt Dunn [mailto:mattat_private] Sent: Thursday, July 22, 1999 2:43 PM To: BUGTRAQat_private Subject: Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 >Users of sendmail 8.9.x of course have no problem, neither do those who have >updated their mail relay prevention rulesets recently, but I think there are >enough RedHat 5.0, 5.1 and 5.2 users who are unaware of the problem to make it >worth sending this out. Actually, the default install of 8.9.3 does NOT in and of itself fix this problem. I'm looking into the rulesets that will specifically handle this. -Matt
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:57 PDT