Re: [Exim] exim as relay for latest sendmail bug?

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MSuresh Ramasubramanian at <-
M\Andreas Gietl at ->
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Marc Haber
CC: exim-users
Subject: Re: [Exim] exim as relay for latest sendmail bug?
Marc Haber wrote:
> Hi,
>
> the latest sendmail bug can be exploited by sending a message to a
> vulnerable system. Using exim as an application level gateway doesn't
> help here, since exim will happily relay the message containing the
> exploit to a vulnerable internal system.
>
> Has anybody out here done an analysis of the sendmail bug? Is it
> possible to configure exim to not relay an exploiting message, but
> instead rejecting it? I would be very interested in solutions for both
> exim 3 and exim 4.

I don't think you can do it with exim directly, unless it is a special
header, so you can check $h_XXX for a special length.

BUT, it should be easy to do with a local_scan function.

I don't know how the new sendmail-bug works, I just read about overlong
headers etc....

Nico



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Re: SPA with Outlook 2K[Exim] [PATCH] new option: smtp_accept_max_nonmail_hosts->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)