On Wed, 16 Aug 2000, Sematimba Noah wrote:
From: Sematimba Noah <ksemat@wawa.eahd.or.ug> To: suse-security@suse.com Date: Wed, 16 Aug 2000 16:20:06 +0300 (EAT) Subject: [suse-security] sendmail etrn
I notiiced that on my redhat box etrn is turned off but to check on my suse box it is very much there. I would like to know how to tun it off I tried O PrivacyOptions=goaway,authwarnings,noetrn but that didn't work. Aslo does it have any security implications to leave it enabled?
Noah ksemat@eahd.or.ug
As far as I can see, nobody answered your mail yet. sendmail's etrn doesn't have any security implications since the sendmail implementation doesn't betray any secrets to the one triggering the queue. Don't confuse etrn with expn. expn does indeed have security aspects since it provides information about deliverable addresses and therefore possible local accounts on the system in question. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -