Bug 3882

Summary: Unlike 5.2, RH6.0 sendmail seems to relay by default
Product: [Retired] Red Hat Linux Reporter: Kern Sibbald <kern>
Component: sendmailAssignee: Cristian Gafton <gafton>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-08-16 18:59:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kern Sibbald 1999-07-03 09:18:28 UTC 
The sendmail that came with RedHat 5.2 by default did not
allow relaying.  It had to be explicitly enabled, which is
very good. Apparently the scheme for permitting relaying
has changed in the new V8 sendmail shipped with RH6.0.
However, the sendmail.cf file that you distribute with the
new sendmail seems to be a kludged up version of the V7
sendmail.cf file probably to make it work with Linuxconf.
It no longer defaults to prohibiting relaying. I cannot see
any way to stop relaying as all the code from the
V7 version that accomplished this is missing and yet the
new database (apparently in /etc/mail/access.db) does not
seem to be enabled.

The mixing of V7 sendmail.cf code with V8 sendmail is
very confusing. For example, the /etc/mail/access file from
RedHat 6.0 has the following
comments:
# Check the /usr/doc/sendmail-8.9.3/README.cf file for a
description # of the format of this file. (search for
access_db in that file)
# The /usr/doc/sendmail-8.9.3/README.cf is part of the
sendmail-doc
# package.

yet the sendmail.cf file you ship with RedHat 6.0 has the
following:
#####           SENDMAIL CONFIGURATION FILE
#####
##### built by root.com on Thu Oct 30 01:33:15
EST 1997
##### in /usr/src/bs/BUILD/sendmail-8.8.7/cf/cf
##### using ../ as configuration include directory
#####


What version are we working with 8.9.3 or 8.8.7 ????
The top of the sendmail.cf that comes with RedHat 6.0 file
says:
# This file is built out of files in
/var/tmp/linuxconf-root/usr/lib/linuxconf/mailconf
# If you want to do manual modifications to one file
# do not modify files in
/var/tmp/linuxconf-root/usr/lib/linuxconf/mailconf, instead
# copy the file in /etc/mail/mailconf/
# and do the modification there.
# Linuxconf will use your file from now on.
# It will even find out that the sendmail.cf
# must be rebuilt.

OK, no problem, I'll edit anything anywhere. However there
is no:
/var/tmp/linuxconf-root/usr/lib/linuxconf/mailconf on my
system, nor is there /etc/mail/mailconf on my system.

The fact that it seems to RELAY by default (the contrary
of bug #3178 ????) is a possible security violation.

I've solved (kludged) the problem here by making the
necessary changes to the RH5.2 sendmail.cf file to work on
6.0.

Thanks,

Kern Sibbald
Comment 1 Cristian Gafton 1999-08-16 18:59:59 UTC 
The sendmail in 6.0 allows relaying only from localhost by default.
(At leats in the default config files. Have you regenerated your
config files with the new m4 macros?)