There aer still a number of things in the default sendmail 8.9.x config that are insecure. These are fixed in the 8.10.0.Beta* public betas. The relay methods are suitably obscure, but still exploitable. I ran my 8.10.0.Beta* through ORBS and came up clean, so whatever the default is "now" it works. :) I would recommend upgrading to the newer sendmail betas, from ftp://ftp.sendmail.org/ D At 12:28 AM 1/28/00 +0100, Security Webmaster OKDesign oHG wrote:
Hi folks, just received a message from the "famous" :-) ORBS database claiming that our server is open for mail-relaying. Hmm, as far as I remeber, this was correct for the earlier versions and I was told (from SuSE I think, but not sure about this) that sendmail would be safe starting with SuSE6.0. Well, I did install SuSE6.0 and thought this would be ok now. I did some checks by myself and found out that the server is indeed still open for relays. Did I forget some configuration details ? Or what else can I do to close mail-relaying ? Thanks in advance.
--- Stephan
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com