mailscanner breaks etrn

Raymond Dijkxhoorn raymond at PROLOCATION.NET
Thu Jan 12 00:04:09 GMT 2006


> If I run sendmail by itself (/etc/rc.d/init.d/sendmail), etrn works:
> I have spent hours trying to figure out why mailscanner disables etrn, 
> but failed. Anyone know what's up with this?

This is by design... your ETRN on a incomming sendmail, that one doesnt 
have scanning, so how would you combine this? You will break things if you 
do. Most likely you have to add a extra box to start using ETRN.

If MailScanner is running on a high volume mail server and if SMTP ETRN 
commands are allowed, a remote attacker could create malicious emails that 
would be held in the incoming mail queue ( for a long period of 
time, which would bypass the MailScanner virus protection. An attacker 
could exploit this vulnerability to launch further attacks against the 
affected server.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list