Date: Sun, 13 Jan 2002 20:58:33 -0500 (EST)
From: Alan Eldridge <ports@geeksrus.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: conf/33855: freebsd.mc enables relay_based_on_MX: open-relay vulnerability
Message-ID: <200201140158.g0E1wXC85902@wwweasel.geeksrus.net>
>Number: 33855
>Category: conf
>Synopsis: freebsd.mc enables relay_based_on_MX: open-relay vulnerability
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 13 18:00:03 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Alan Eldridge
>Release: FreeBSD 4.4-STABLE i386
>Organization: Geeksrus.NET
>Environment:
System: FreeBSD wwweasel.geeksrus.net 4.4-STABLE FreeBSD 4.4-STABLE #0: Sun Dec 2 19:14:12 EST 2001 root@wwweasel.geeksrus.net:/usr/obj/usr/src/sys/WWWEASEL i386
>Description:
The default mailer configuration enables "relay_based_on_MX". This feature is dangerous, as it can allow outsiders to use the system as an incoming mail relay without the owner's permission.

<paranoia>
A spammer could use this feature to cause a host to appear in the chain of "Received from:" headers of a spam run, thus landing the host on various blacklists and seriously impeding the ability to send mail from the system. Since spammers like to involve uninterested third parties in their mailings as a misdirection technique, this is not that far-fetched, unfortunately.
</paranoia>
>How-To-Repeat:
>Fix:
--- patch-etc-sendmail-freebsd.mc begins here --- --- /usr/cvsup/src/etc/sendmail/freebsd.mc Sat Jul 14 14:07:27 2001 +++ ./freebsd.mc Sun Jan 13 20:50:07 2002 
@@ -52,7 +52,10 @@ FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') -FEATURE(relay_based_on_MX) +dnl Uncomment to allow relaying to anyone who lists this host +dnl in a DNS MX record. This allows someone to use this host as +dnl as incoming mailhost without permission. +dnl FEATURE(relay_based_on_MX) FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') dnl Uncomment to activate Realtime Blackhole List --- patch-etc-sendmail-freebsd.mc ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
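Review bot: the third added comment line, "dnl as incoming mailhost without permission.", repeats the "as" that ends the line before it, so the comment reads "use this host as as incoming mailhost"; it should read "as an incoming mailhost". Since this comment is what an administrator reads when deciding whether to re-enable FEATURE(relay_based_on_MX), it would also help to state the condition precisely: the host relays mail for any domain whose MX record lists it, whether or not the host's owner agreed to serve that domain.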
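An added example, not part of the original report or of FreeBSD's or sendmail's own code: a small Python audit that reports relay-widening FEATUREs still active in a .mc file, treating `dnl`- and `#`-commented text as inactive. It goes beyond the report's single case by also checking other relay features named in sendmail's cf/README; the function names and the sample snippets are constructed for illustration.

```python
import re

# FEATUREs that widen who may relay; names are from sendmail's cf/README.
RELAY_WIDENING = {
    "relay_based_on_MX", "promiscuous_relay", "relay_entire_domain",
    "relay_local_from", "loose_relay_check",
}

# FEATURE(name, ...) with optional m4 quoting, e.g. FEATURE(`name')
FEATURE_RE = re.compile(r"FEATURE\(\s*`?([A-Za-z0-9_]+)'?")
DNL_RE = re.compile(r"\bdnl\b")


def strip_inactive(line):
    """Return the part of a line m4 would expand.

    Simplification: 'dnl' and '#' are treated as comment starts wherever
    they appear, without tracking m4 quote nesting or divert() blocks.
    """
    cut = len(line)
    m = DNL_RE.search(line)
    if m:
        cut = m.start()
    h = line.find("#")
    if h != -1:
        cut = min(cut, h)
    return line[:cut]


def active_relay_features(mc_text):
    """List (line number, feature) for each active relay-widening FEATURE."""
    findings = []
    for lineno, line in enumerate(mc_text.splitlines(), 1):
        for m in FEATURE_RE.finditer(strip_inactive(line)):
            if m.group(1) in RELAY_WIDENING:
                findings.append((lineno, m.group(1)))
    return findings


# Constructed samples modelled on the report's hunk: before and after the fix.
BEFORE = """\
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(relay_based_on_MX)
"""
AFTER = """\
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
dnl FEATURE(relay_based_on_MX)
"""

if __name__ == "__main__":
    print("before:", active_relay_features(BEFORE))
    print("after: ", active_relay_features(AFTER))
```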