Bug 9666 - sendmail relay network security problem. Sendmail is an open email relay
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 6.0
Hardware: i386
OS: Linux
medium
high
Assignee: Cristian Gafton
Reported: 2000-02-22 03:57 UTC by abs01
Modified: 2008-05-01 15:37 UTC (History)

Doc Type: Bug Fix
Last Closed: 2000-05-19 09:55:40 UTC

Description abs01 2000-02-22 03:57:37 UTC
Linuxconfig generates a sendmail.cf file based on sendmail version 8.8, but
the binary is 8.9. This allows people to use your server as a relay by
simply doing the following:

To: "someone"@yourdomain.com

If someone sends an email to the above address your mail server will relay
the message to "someone". This is true even if you have
ip_allow or pop_auth configured. This problem will get you on the blacklist
in a flash!

I'm no sendmail expert. In fact, I don't have a clue where to begin to fix
this. My server is full production and I can't afford to bring everything
down trying to figure out how the m4 program works. The book sendmail by
O'Reilly, 2nd edition, is just as cryptic as everything else I've found
regarding sendmail.
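
A check for the mismatch described above, as an added example that is not part of the original report or of linuxconf: it compares the version recorded in a sendmail.cf with the version of the binary and looks for a `check_rcpt` ruleset. It assumes the cf file carries a `DZ` version line, as m4-generated files do; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a sendmail.cf whose recorded version differs from the
# sendmail binary that reads it, or that defines no check_rcpt ruleset.

# Print major.minor from the cf file's Z macro line ("DZ8.8.7" -> "8.8").
# Assumption: the file has a DZ line, as m4-generated cf files do.
cf_version() {
    sed -n 's/^DZ\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if the cf file defines a check_rcpt ruleset, the hook that
# recipient (relay) checks hang on. Heuristic: presence, not correctness.
has_check_rcpt() {
    grep -q '^Scheck_rcpt' "$1"
}

# audit_cf CF_FILE BINARY_VERSION: print findings, return 1 if there are any.
# BINARY_VERSION is passed in, e.g. read from `sendmail -d0.1 -bv root`.
audit_cf() {
    cf=$1; bin=$2; rc=0
    cfv=$(cf_version "$cf")
    binv=$(printf '%s\n' "$bin" | sed 's/^\([0-9]*\.[0-9]*\).*/\1/')
    if [ -z "$cfv" ]; then
        echo "WARN: no DZ version line in $cf"; rc=1
    elif [ "$cfv" != "$binv" ]; then
        echo "WARN: $cf was built for $cfv, binary is $binv"; rc=1
    fi
    if ! has_check_rcpt "$cf"; then
        echo "WARN: $cf defines no check_rcpt ruleset"; rc=1
    fi
    return $rc
}

# Constructed sample input, not real linuxconf output.
sample_cf=$(mktemp)
cat > "$sample_cf" <<'EOF'
# constructed sample
DZ8.8.7
Cwlocalhost
EOF
audit_cf "$sample_cf" "8.9.3" || echo "review $sample_cf before exposing port 25"
rm -f "$sample_cf"
```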

Comment 1 Florian La Roche 2000-05-19 09:55:59 UTC
Must be fixed within linuxconf or with a better config tool for
sendmail.