sendmail 8.9 open relay ?
Hi folks, just received a message from the "famous" :-) ORBS database claiming that our server is open for mail-relaying. Hmm, as far as I remeber, this was correct for the earlier versions and I was told (from SuSE I think, but not sure about this) that sendmail would be safe starting with SuSE6.0. Well, I did install SuSE6.0 and thought this would be ok now. I did some checks by myself and found out that the server is indeed still open for relays. Did I forget some configuration details ? Or what else can I do to close mail-relaying ? Thanks in advance. --- Stephan
There aer still a number of things in the default sendmail 8.9.x config that are insecure. These are fixed in the 8.10.0.Beta* public betas. The relay methods are suitably obscure, but still exploitable. I ran my 8.10.0.Beta* through ORBS and came up clean, so whatever the default is "now" it works. :) I would recommend upgrading to the newer sendmail betas, from ftp://ftp.sendmail.org/ D At 12:28 AM 1/28/00 +0100, Security Webmaster OKDesign oHG wrote:
Hi folks, just received a message from the "famous" :-) ORBS database claiming that our server is open for mail-relaying. Hmm, as far as I remeber, this was correct for the earlier versions and I was told (from SuSE I think, but not sure about this) that sendmail would be safe starting with SuSE6.0. Well, I did install SuSE6.0 and thought this would be ok now. I did some checks by myself and found out that the server is indeed still open for relays. Did I forget some configuration details ? Or what else can I do to close mail-relaying ? Thanks in advance.
--- Stephan
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Fri, 28 Jan 2000, Security Webmaster OKDesign oHG wrote:
just received a message from the "famous" :-) ORBS database claiming that our server is open for mail-relaying.
For those who don't know, you can find the ORBS database at: http://www.orbs.org/ You can run a relaying test against a mail server at: http://www.abuse.net/relay.html I don't know whether this is an exhaustive test, but I seemed to pass.
I did some checks by myself and found out that the server is indeed still open for relays. Did I forget some configuration details ? Or what else can I do to close mail-relaying ?
I have a later version of SuSE than you installed; you can get the benefits of the later versions by grabbing the *source* rpm from a later distro and issuing the following command: rpm --rebuild sendmail<version>.src.rpm -- _Deirdre * http://www.linuxcabal.net * http://www.deirdre.net "Mars has been a tough target" -- Peter G. Neumann, Risks Digest Moderator "That's because the Martians keep shooting things down." -- Harlan Rosenthal <Harlan.Rosenthal@Dialogic.com>, retorting in Risks Digest 20.60
Security Webmaster OKDesign oHG wrote:
Hi folks, just received a message from the "famous" :-) ORBS database claiming that our server is open for mail-relaying. Hmm, as far as I remeber, this was correct for the earlier versions and I was told (from SuSE I think, but not sure about this) that sendmail would be safe starting with SuSE6.0. Well, I did install SuSE6.0 and thought this would be ok now. I did some checks by myself and found out that the server is indeed still open for relays.
SuSE6.0 came with sendmail 8.8. No? If so it defaults to open relay. 8.9 fixed that. Nick -- -------------------------------------------------- Nick Zentena "Microsoft has unjustifiably jeopardized the stability and security of the operating system." U.S. District Judge Thomas Penfield Jackson Nov 5/1999 --------------------------------------------------
Hi, On Thu, 27 Jan 2000, Nick Zentena wrote:
Security Webmaster OKDesign oHG wrote:
just received a message from the "famous" :-) ORBS database claiming that our server is open for mail-relaying. Hmm, as far as I remeber, this was correct for the earlier versions and I was told (from SuSE I think, but not sure about this) that sendmail would be safe starting with SuSE6.0. Well, I did install SuSE6.0 and thought this would be ok now. I did some checks by myself and found out that the server is indeed still open for relays.
SuSE6.0 came with sendmail 8.8. No? If so it defaults to open relay. 8.9 fixed that.
Correct:
rpm -qp /CD-ARCHIVE/6.0/suse-i386-1/CD1/suse/n1/sendmail.rpm sendmail-8.8.8-45
We switched to sendmail 8.9 with SuSE Linux 6.1 Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer 90443 Nuernberg, Germany
participants (5)
-
Deirdre Saoirse -
Derek J. Balling -
Lenz Grimmer -
Nick Zentena -
Security Webmaster OKDesign oHG