Hi, I noticed that the new sendmail.cf that suse installed included a noetrn setting. It didn't take me very long to change it but am I missing something? I can't see how having etrn on can hurt anything? Nick -- ----------------------------- Anybody got plans for an ark? -----------------------------
On Wed, 2 Aug 2000, Nick Zentena wrote:
Hi, I noticed that the new sendmail.cf that suse installed included a noetrn setting. It didn't take me very long to change it but am I missing something? I can't see how having etrn on can hurt anything?
Nick
The only reason to disable this would be to prevent people from connecting to sendmail and doing an etrn root to find out where root's email has been aliased to. Or etrn anyone else to see how they're aliased. I can't really think of a good reason to enable it, though. To me, etrn seems like a vestige of an older, more trusting time. :) John
Hi, I noticed that the new sendmail.cf that suse installed included a noetrn setting. It didn't take me very long to change it but am I missing something? I can't see how having etrn on can hurt anything?
Nick
The only reason to disable this would be to prevent people from connecting to sendmail and doing an etrn root to find out where root's email has been aliased to. Or etrn anyone else to see how they're aliased. I can't really think of a good reason to enable it, though. To me, etrn seems like a vestige of an older, more trusting time. :)
John
John, you're confusing `EXPN' (or `VRFY'), with `ETRN' as described by RFC1985. ETRN is used to start a queue for a particular node on a mail exchanger. If the mail exchanger doesn't provide any information about the ongoing efforts whatsoever, ETRN doesn't have any security implications. Sendmail behaves in this pattern, fortunately. Turning ETRN off doesn't serve any purpose, fortunately. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
On Wed, 02 Aug 2000, Roman Drahtmueller wrote:
If the mail exchanger doesn't provide any information about the ongoing efforts whatsoever, ETRN doesn't have any security implications. Sendmail behaves in this pattern, fortunately. Turning ETRN off doesn't serve any purpose, fortunately.
Basically what I figured. Thanks Nick -- ----------------------------- Anybody got plans for an ark? -----------------------------
participants (3)
-
John Ritchie -
Nick Zentena -
Roman Drahtmueller