Hi folks, In message <372E9068C013D211891F00805F9FD1C201895FDAat_private> "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2" ""Callison, James P" <callisonat_private>" wrote: > The sendmail.cf that comes with RedHat 5.x (sendmail 8.8.7) doesn't work > against the open relay problem, although it does contain most of the rules > needed to do so. I remember the sendmail 8.9.3 is contained in RedHat 6.0 (Japanese and English) and check whether the vulnerability is fixed or not. It seems still the rule of sendmail.cf can allow the source routing and does not reject it. Even the sendmail.cf is designed for sendmail 8.9.3. I felt it is hard to understand that it contains and allows a feature which is based on UUCP in the default value. I recommend extremely that administrators of sendmail 8.9.3 (Does not care who use Linux or other UNIXes) should re-check whose own rule of sendmail.cf after the installation. -- SAKAI Yoriyuki /----------------------------------->> sakaiat_private / LAC Co., Ltd. <<-----------------------/ http://www.lac.co.jp/security/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:23 PDT