[Exim] exim as relay for latest sendmail bug?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc Haber
Date:  
À: exim-users
Sujet: [Exim] exim as relay for latest sendmail bug?
Hi,

the latest sendmail bug can be exploited by sending a message to a
vulnerable system. Using exim as an application level gateway doesn't
help here, since exim will happily relay the message containing the
exploit to a vulnerable internal system.

Has anybody out here done an analysis of the sendmail bug? Is it
possible to configure exim to not relay an exploiting message, but
instead rejecting it? I would be very interested in solutions for both
exim 3 and exim 4.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29