mailing list archives
Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2
From: callison () OU EDU (Callison, James P)
Date: Mon, 26 Jul 1999 16:05:20 -0500
The sendmail.cf that comes with RedHat 5.x (sendmail 8.8.7) doesn't work
against the open relay problem, although it does contain most of the rules
needed to do so.
The way I got around it was to cut out the Scheck_rcpt and Sremove_local
stuff in sendmail.cf and replace them with similar rulesets I found at
http://www.sendmail.org/~ca/email/check.html#check_rcpt . The Scheck_rcpt
and Sremovelocal sections listed here will stop all of the (currently) known
I originally tried editing the existing sendmail.cf sections, but that
didn't work (I must've screwed somthing up, 'cause it started relaying
*everything*), so I eventually cut out both existing sections and pasted in
the sections on said Web page.
Once I did the cut-n-paste thing, I got my machine out of the ORBS
(http://www.orbs.com) database. If it doesn't stop all unauthorized
relaying, it at least blocks enough that ORBS can't relay through it.
James P. Callison
The University of Oklahoma Law Center
callison () ou edu
Dumb things don't happen by accident. It takes a highly
skilled village of idiots. -- AutoWeek, 29 Dec 1997
From: Matt Dunn [mailto:matt () ELECTROCENTRIC COM]
Sent: Thursday, July 22, 1999 2:43 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2
Users of sendmail 8.9.x of course have no problem, neither do those who
updated their mail relay prevention rulesets recently, but I think there
enough RedHat 5.0, 5.1 and 5.2 users who are unaware of the problem to make
worth sending this out.
Actually, the default install of 8.9.3 does NOT in and of itself fix this
problem. I'm looking into the rulesets that will specifically handle this.
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Callison, James P (Jul 26)