Hi! Yes it is true! It works, with a small change in the example to match the string in my script (I had to customize it initially). A quick workaround that I have just applied is to make sure that the string does not contain /sendmail/ so it cannot be injected into syslog via sendmail (may be injected some other way!). Hope this helps while, a better solution is suggested. Regards, Ramon. On Tue, 3 Jul 2001, Andrea Barisani wrote: > Hi to all, > [...] > > The syslog string searched by the script is in this form for the qpop > server > > /POP login by user \"[\-\_\w]+\" at \(.+\) ([0-9]\.]+)/) > > On some cobalt raq3 servers (with the poprelayd add-on packet installed ) > and in general on any system running the poprelayd script with sendmail is > possible to "inject" this string in the syslog using sendmail logging. So > anyone can insert a fake string with his own IP wich will be parsed by > poprelayd and that will permit the use of sendmail as a relay. > [...] ----------------------------------------------------------------------------- CIMAT Ramon Reyes Carrion Apdo. Postal 402 e-mail:ramonat_private 36000 Guanajuato, Gto. Tel (52) (473) 27155 Ext 49571 MEXICO Fax (52) (473) 25749. http://www.cimat.mx/
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 11:36:14 PDT