[Exim] exim as relay for latest sendmail bug?

Pàgina inicial
Delete this message
Reply to this message
Autor: Marc Haber
Data:  
A: exim-users
Assumpte: [Exim] exim as relay for latest sendmail bug?
Hi,

the latest sendmail bug can be exploited by sending a message to a
vulnerable system. Using exim as an application level gateway doesn't
help here, since exim will happily relay the message containing the
exploit to a vulnerable internal system.

Has anybody out here done an analysis of the sendmail bug? Is it
possible to configure exim to not relay an exploiting message, but
instead rejecting it? I would be very interested in solutions for both
exim 3 and exim 4.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29