Apparently a security vulnerability has been discovered in all releases of ZMailer up until today. So far no information on the hole has been disclosed. The workaround is simple though.

Edit $CS_ROOT/etc/zmailer.conf. Around line 14 you'll see:

    SMTPOPTIONS="-asve -l /var/csuite/log/mail/smtpserver"

Change the "-asve" to "-a -s ''":

    SMTPOPTIONS="-a -s '' -l /var/csuite/log/mail/smtpserver"

Then restart the smtpserver with

    # /var/csuite/etc/mail/bin/zmailer kill smtpserver
    # /var/csuite/etc/mail/bin/zmailer smtpserver

---------- Forwarded message ----------
Date: Tue, 11 May 1999 01:39:43 +0300
From: Matti Aarnio <mea@nic.funet.fi>
To: zmailer@nic.funet.fi
Subject: 2.99.50s17 available as tarball. SECURITY WARNING

Location: ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/

There are new things:

- There is a SECURITY FAULT in all ZMailer smtpservers that allow
  running router in interactive mode to assist/do address analysis
  with user inputs.

  This fault exists in *ALL* versions of ZMailer previous to this one!
  (even 2.2.1 !)

  Circumvention:
    DO NOT allow running router for EXPN, VRFY, MAIL FROM, RCPT TO !
    You can disable those by removing characters 'e v f t' from
    the style flags at the $MAILSHARE/smtpserver.conf
    (Or to -s option of the smtpserver either. Default for that
    option is 've', so you MUST supply option: -s ''
    which zeroes the enable flag set.)

  Fix:
    That fault is corrected at this release, but if you tinker
    with your router configuration scripts, you may open up new
    holes. That is why running of the interactive router is made
    *difficult*, you *have to* be aware that you are doing it!
    ( C.Y.A. -- or rather C.M.A. ... )

- Smtpserver speaks TLSv1/SSLv3 at the SMTP socket, if desired.
  (uses OpenSSL library, very new source version..)

- Smtpserver Implements "AUTH LOGIN" in a way which is compatible
  with plaintext implemented by M$ Outlook Express (at IE4 ? or IE5 ?)
  The TLS/SSL works here too.

- Smtpserver Implements "AUTH=LOGIN" in a way which is for
  the Netscape Communicator per NS specs; TLS/SSL works too.

- A bug-circumvention for Linux/i386 glibc 2.1.1 library problem.
  (smtpserver thing this too)

- smtpserver reports normally only single-line replies for all
  protocol replies; Many (all?) M$ things seem to be unable to
  understand RFC 821 Appendix E multiline replies :-(

- smtpserver has RBL machinery for IPv6 too, probably way ahead
  of its time...

(things before that are in 2.99.50s15)

And of course there are known bugs which I haven't fixed yet:
(but they aren't fatal for common usage cases)

router:
    Input header:
    Cc: "\"\\"\\\"\\\\"\\\\\"'\\\\\\"Prof. dr J. Wil Foppen\\\\\\" <wfoppen@rsm.nl>' \\\\\" <\\\\\"Prof. dr J. Wil Foppen\\\\\"\\\\"\\\"\\"\"" <wfoppen@rsm.nl>
    --> SEGV

scheduler:
    mailq reported accounting counters seem to leak about
    recipients storage gauge:

    Kids: 168 Idle: 153 Msgs: 1986 Thrds: 58 Rcpnts: 2499 Uptime: 22d20h
    Msgs in 73760 out 71774 stored 1986
    Rcpnts in 4424888 out 4422854 stored 774896

/Matti Aarnio <mea@nic.funet.fi>
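Added example, not part of the original message or of ZMailer: a Python check that reads the SMTPOPTIONS line described above and reports which of the router-enabling style flags (e, v, f, t) are still in effect, including the 've' default when -s is absent. It assumes getopt-style option bundling and that only -s and -l take an argument; the function names and the sample lines are constructed for illustration.

```python
import re
import shlex

# Style flags that, per the advisory, let the smtpserver run the router
# on user input: e = EXPN, v = VRFY, f = MAIL FROM, t = RCPT TO.
ROUTER_FLAGS = set("evft")
DEFAULT_STYLE = "ve"   # default for -s as stated in the advisory
TAKES_ARG = set("sl")  # assumption: only -s and -l take an argument


def style_flags(smtpoptions):
    """Return the effective -s style string of an SMTPOPTIONS value."""
    style = DEFAULT_STYLE
    words = shlex.split(smtpoptions)  # keeps the empty word from -s ''
    i = 0
    while i < len(words):
        word = words[i]
        i += 1
        if not word.startswith("-"):
            continue
        for j, opt in enumerate(word[1:], start=2):
            if opt not in TAKES_ARG:
                continue              # plain flag such as -a
            arg = word[j:]            # bundled argument, as in -asve
            if not arg and i < len(words):
                arg = words[i]        # separate argument, as in -s ''
                i += 1
            if opt == "s":
                style = arg
            break
    return style


def audit(conf_text):
    """Return router-enabling flags still active, or None if no SMTPOPTIONS."""
    m = re.search(r'^\s*SMTPOPTIONS="([^"]*)"', conf_text, re.M)
    if m is None:
        return None
    return sorted(ROUTER_FLAGS & set(style_flags(m.group(1))))


# Constructed sample lines mirroring the before/after shown in the message.
BEFORE = 'SMTPOPTIONS="-asve -l /var/csuite/log/mail/smtpserver"\n'
AFTER = 'SMTPOPTIONS="-a -s \'\' -l /var/csuite/log/mail/smtpserver"\n'

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf) or "no router-enabling flags")
```

The check covers only the -s option in zmailer.conf; style flags set in $MAILSHARE/smtpserver.conf still need to be reviewed separately.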