Bugtraq mailing list archives

Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2


From: callison () OU EDU (Callison, James P)
Date: Mon, 26 Jul 1999 16:05:20 -0500


The sendmail.cf that comes with RedHat 5.x (sendmail 8.8.7) doesn't work
against the open relay problem, although it does contain most of the rules
needed to do so.

The way I got around it was to cut out the Scheck_rcpt and Sremove_local
stuff in sendmail.cf and replace them with similar rulesets I found at
http://www.sendmail.org/~ca/email/check.html#check_rcpt . The Scheck_rcpt
and Sremovelocal sections listed here will stop all of the (currently) known
relaying methods.

I originally tried editing the existing sendmail.cf sections, but that
didn't work (I must've screwed something up, 'cause it started relaying
*everything*), so I eventually cut out both existing sections and pasted in
the sections on said Web page.

Once I did the cut-n-paste thing, I got my machine out of the ORBS
(http://www.orbs.com) database. If it doesn't stop all unauthorized
relaying, it at least blocks enough that ORBS can't relay through it.

James

James P. Callison
Network Administrator
The University of Oklahoma Law Center
callison () ou edu
Dumb things don't happen by accident. It takes a highly
skilled village of idiots. -- AutoWeek, 29 Dec 1997

-----Original Message-----
From: Matt Dunn [mailto:matt () ELECTROCENTRIC COM]
Sent: Thursday, July 22, 1999 2:43 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2

Users of sendmail 8.9.x of course have no problem, neither do those who have
updated their mail relay prevention rulesets recently, but I think there are
enough RedHat 5.0, 5.1 and 5.2 users who are unaware of the problem to make it
worth sending this out.

Actually, the default install of 8.9.3 does NOT in and of itself fix this
problem. I'm looking into the rulesets that will specifically handle this.

-Matt

