Re: [suse-security] sendmail (expn)

24 Jul 2000


      Thanks a lot. You just answered my next question about the goaway option.
Meanwhile I would like to know about the buffer overflow bug in sendmail
earlier than 8.9.3 I have a client who refuses to upgrade his
sendmail. How does it work and is there a way for me to patch the sendmail
without upgrading it? and where do I get the patch?
 On Sun, 23 Jul 2000,
Ralf Folkerts wrote:
...
Date: Sun, 23 Jul 2000 15:46:40 +0200
From: Ralf Folkerts <ralf@folkerts-net.de>
To: ksemat@wawa.eahd.or.ug
Cc: suse-security@suse.com
Subject: Re: [suse-security] sendmail (expn)
----- Original Message -----
...
I remember that somewhere in my fileysytem I set an option that turned
off
the expn command in sendmail but I just don't remember where can
anyone
remind me please where it is done?
Hi Noah,
you can disable this in the /etc/sendmail.cf File, using the Option
"PrivacyOptions"; I'll quote from the www.sendmail.org Site below...
So it's e.g. putting an "O PrivacyOptions=noexpn" in the sendmail.cf
File -- or something more restrictive...
---<<<---
PrivacyOptions=opt,opt,...
     [p] Set the privacy options. ``Privacy'' is really a misnomer; many
of these are just a way of insisting on stricter adherence to the SMTP
protocol.
     The options can be selected from:
public Allow open access
          needmailhelo Insist on HELO or EHLO command before MAIL
          needexpnhelo Insist on HELO or EHLO command before EXPN
          noexpn Disallow EXPN entirely
          needvrfyhelo Insist on HELO or EHLO command before VRFY
          novrfy Disallow VRFY entirely
          restrictmailq Restrict mailq command
          restrictqrun Restrict -q command line flag
          noreceipts Don't return success DSNs
          goaway Disallow essentially all SMTP status queries
          authwarnings Put X-Authentication-Warning: headers in messages
     The goaway pseudo-flag sets all flags except restrictmailq and
restrictqrun. If mailq is restricted, only people in the same group as
the
     queue directory can print the queue. If queue runs are restricted,
only root and the owner of the queue directory can run the queue.
     Authentication Warnings add warnings about various conditions that
may indicate attempts to spoof the mail system, such as using an
     non-standard queue directory.
--->>>---
_ralf_
Noah
ksemat@eahd.or.ug

ksemat＠wawa.eahd.or.ug

tags

participants (1)