Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] sendmail (expn)
  • From: <ksemat@xxxxxxxxxxxxxxx>
  • Date: Mon, 24 Jul 2000 09:14:33 +0300 (EAT)
  • Message-id: <Pine.LNX.4.21.0007240910110.7159-100000@xxxxxxxxxxxxxxx>
Thanks a lot. You just answered my next question about the goaway option.
Meanwhile I would like to know about the buffer overflow bug in sendmail
earlier than 8.9.3 I have a client who refuses to upgrade his
sendmail. How does it work and is there a way for me to patch the sendmail
without upgrading it? and where do I get the patch?
On Sun, 23 Jul 2000,
Ralf Folkerts wrote:

> Date: Sun, 23 Jul 2000 15:46:40 +0200
> From: Ralf Folkerts <ralf@xxxxxxxxxxxxxxx>
> To: ksemat@xxxxxxxxxxxxxxx
> Cc: suse-security@xxxxxxxx
> Subject: Re: [suse-security] sendmail (expn)
>
> ----- Original Message -----
> > I remember that somewhere in my fileysytem I set an option that turned
> off
> > the expn command in sendmail but I just don't remember where can
> anyone
> > remind me please where it is done?
>
> Hi Noah,
>
> you can disable this in the /etc/sendmail.cf File, using the Option
> "PrivacyOptions"; I'll quote from the www.sendmail.org Site below...
>
> So it's e.g. putting an "O PrivacyOptions=noexpn" in the sendmail.cf
> File -- or something more restrictive...
>
> ---<<<---
> PrivacyOptions=opt,opt,...
> [p] Set the privacy options. ``Privacy'' is really a misnomer; many
> of these are just a way of insisting on stricter adherence to the SMTP
> protocol.
> The options can be selected from:
>
> public Allow open access
> needmailhelo Insist on HELO or EHLO command before MAIL
> needexpnhelo Insist on HELO or EHLO command before EXPN
> noexpn Disallow EXPN entirely
> needvrfyhelo Insist on HELO or EHLO command before VRFY
> novrfy Disallow VRFY entirely
> restrictmailq Restrict mailq command
> restrictqrun Restrict -q command line flag
> noreceipts Don't return success DSNs
> goaway Disallow essentially all SMTP status queries
> authwarnings Put X-Authentication-Warning: headers in messages
> The goaway pseudo-flag sets all flags except restrictmailq and
> restrictqrun. If mailq is restricted, only people in the same group as
> the
> queue directory can print the queue. If queue runs are restricted,
> only root and the owner of the queue directory can run the queue.
> Authentication Warnings add warnings about various conditions that
> may indicate attempts to spoof the mail system, such as using an
> non-standard queue directory.
> --->>>---
>
> _ralf_
>
>

Noah
ksemat@xxxxxxxxxx




< Previous Next >
This Thread
  • No further messages