[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Kai Schaetzl maillists at conactive.com
Thu Dec 4 17:31:24 GMT 2008

Glenn Steen wrote on Thu, 4 Dec 2008 15:07:48 +0100:

> Now, some may argue that the RFCs prohibit a lookup from being the
> basis of a rejection, but ... the RFCs also state that blatant errors
> are to be rejected...

No. They explicitely tell to be lenient on the receiving (client) side.
Anyway, we don't need to discuss this here. I just wanted to point out that 
this specific feature is one of the few things where you can shoot yourself in 
the foot without gaining any extra revenue (blocking by HELO gives you lots of 
revenue although you may loose your foot as well ...).


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

More information about the MailScanner mailing list