Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] Sendmail noetrn?
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Wed, 2 Aug 2000 17:50:57 +0200 (MEST)
  • Message-id: <Pine.LNX.4.21.0008021720490.7754-100000@xxxxxxxxxxxx>
> >
> > Hi,
> > I noticed that the new sendmail.cf that suse installed included
> > a noetrn setting. It didn't take me very long to change it but am I missing
> > something? I can't see how having etrn on can hurt anything?
> >
> > Nick
>
> The only reason to disable this would be to prevent people from connecting
> to sendmail and doing an etrn root to find out where root's email has been
> aliased to. Or etrn anyone else to see how they're aliased. I can't
> really think of a good reason to enable it, though. To me, etrn seems
> like a vestige of an older, more trusting time. :)
>
> John

John,

you're confusing `EXPN' (or `VRFY'), with `ETRN' as described by RFC1985.

ETRN is used to start a queue for a particular node on a mail exchanger.

If the mail exchanger doesn't provide any information about the ongoing
efforts whatsoever, ETRN doesn't have any security implications. Sendmail
behaves in this pattern, fortunately. Turning ETRN off doesn't serve any
purpose, fortunately.

Thanks,
Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| N├╝rnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -


< Previous Next >
Follow Ups
References