mailscanner breaks etrn

Dan Hollis spamtrap71892316634 at ANIME.NET
Thu Jan 12 00:17:52 GMT 2006

On Thu, 12 Jan 2006, Raymond Dijkxhoorn wrote:
>> If I run sendmail by itself (/etc/rc.d/init.d/sendmail), etrn works:
>> I have spent hours trying to figure out why mailscanner disables etrn, but 
>> failed. Anyone know what's up with this?
> This is by design... your ETRN on a incomming sendmail, that one doesnt have 
> scanning, so how would you combine this? You will break things if you do. 
> Most likely you have to add a extra box to start using ETRN.
> If MailScanner is running on a high volume mail server and if SMTP ETRN 
> commands are allowed, a remote attacker could create malicious emails that 
> would be held in the incoming mail queue ( for a long period of 
> time, which would bypass the MailScanner virus protection. An attacker could 
> exploit this vulnerability to launch further attacks against the affected 
> server.

you can restrict what IP addresses are allowed ETRN via a local ruleset.
sendmail book 3rd edition, chapter 19. see check_etrn policy rule set.

so this is no problem whatsoever.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list