mailscanner breaks etrn
Raymond Dijkxhoorn
raymond at PROLOCATION.NET
Thu Jan 12 00:04:09 GMT 2006
Hi!
> If I run sendmail by itself (/etc/rc.d/init.d/sendmail), etrn works:
> I have spent hours trying to figure out why mailscanner disables etrn,
> but failed. Anyone know what's up with this?
This is by design... your ETRN on a incomming sendmail, that one doesnt
have scanning, so how would you combine this? You will break things if you
do. Most likely you have to add a extra box to start using ETRN.
If MailScanner is running on a high volume mail server and if SMTP ETRN
commands are allowed, a remote attacker could create malicious emails that
would be held in the incoming mail queue (mqueue.in) for a long period of
time, which would bypass the MailScanner virus protection. An attacker
could exploit this vulnerability to launch further attacks against the
affected server.
Bye,
Raymond.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list