Bug 9666 - sendmail relay network security problem. Sendmail is an open email relay
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Hardware: i386 Linux
Priority: medium
Severity: high
Assigned To: Cristian Gafton
Reported: 2000-02-21 22:57 EST by abs01
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 2000-05-19 05:55:40 EDT

Description abs01 2000-02-21 22:57:37 EST
Linuxconf generates a sendmail.cf file based on sendmail version 8.8, but
the binary is 8.9. This allows people to use your server as a relay by
simply doing the following:

To: "someone@somedomain.com"@yourdomain.com

If someone sends an email to the above address, your mail server will relay
the message to "someone@somedomain.com". This is true even if you have
ip_allow or pop_auth configured. This problem will get you on the blacklist
in a flash!

I'm no sendmail expert. In fact, I don't have a clue where to begin to fix
this. My server is full production and I can't afford to bring everything
down trying to figure out how the m4 program works. The book sendmail by
O'Reilly, 2nd edition, is just as cryptic as everything else I've found
regarding sendmail.

Comment 1 Florian La Roche 2000-05-19 05:55:59 EDT
must be fixed within linuxconf or with a better config tool for

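
The address form described in the report, written as a recipient check a mail administrator could apply before accepting a message. This is an added example, not part of the bug report and not sendmail's or linuxconf's own code; `LOCAL_DOMAINS`, the function names and the sample addresses are assumptions. It goes beyond the one case in the report by also covering the percent-hack and bang-path forms, which hide a next hop in the local part in the same way.

```python
import re

# Domains this server accepts mail for (assumed; taken from the report's example).
LOCAL_DOMAINS = {"yourdomain.com"}

def split_rcpt(addr):
    """Split an RCPT address into (local_part, domain), honouring a quoted local part."""
    addr = addr.strip().strip("<>")
    m = re.fullmatch(r'("(?:[^"\\]|\\.)*"|[^"@]+)@([^@\s]+)', addr)
    if not m:
        raise ValueError(f"unparseable address: {addr!r}")
    return m.group(1), m.group(2).lower()

def embedded_route(local):
    """Return the next-hop domain hidden inside a local part, or None."""
    if len(local) >= 2 and local.startswith('"') and local.endswith('"'):
        local = re.sub(r"\\(.)", r"\1", local[1:-1])  # drop quotes, unescape
    if "@" in local:   # "user@other"@relay  (the form in the report)
        return local.rsplit("@", 1)[1].lower()
    if "%" in local:   # user%other@relay    (percent hack)
        return local.rsplit("%", 1)[1].lower()
    if "!" in local:   # other!user@relay    (UUCP bang path)
        return local.split("!", 1)[0].lower()
    return None

def relay_decision(rcpt, client_is_trusted=False):
    """Decide what a non-relaying server should do with one RCPT address."""
    local, domain = split_rcpt(rcpt)
    if domain not in LOCAL_DOMAINS:
        return "accept" if client_is_trusted else "reject: relaying denied"
    # The domain looks local, so an ordinary relay check passes; the local
    # part must be inspected as well or the message is forwarded anyway.
    hop = embedded_route(local)
    if hop and hop not in LOCAL_DOMAINS and not client_is_trusted:
        return f"reject: embedded route to {hop}"
    return "accept"

if __name__ == "__main__":
    # Constructed sample recipients, not taken from real traffic.
    for rcpt in ['"someone@somedomain.com"@yourdomain.com',
                 "someone%somedomain.com@yourdomain.com",
                 '"john smith"@yourdomain.com',
                 "someone@yourdomain.com"]:
        print(f"{rcpt:45} {relay_decision(rcpt)}")
```

The same list of recipients can be used as a self-test against a mail server from an address outside its allowed relay clients: every entry that this function rejects should also be refused by the server.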