[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Martin Hepworth maxsec at gmail.com
Tue Dec 9 13:54:00 GMT 2008


2008/12/9  <simon.walter at hp-factory.de>:
> Hi,
>
>> Send me mail from a badly setup domain, and you better not be surprised
>> when I don't accept it. The RFC makes it very clear that MX records can
>> only point to A records and not to CNAME records.
>> Get your DNS fixed and I will happily accept your mail.
>> :-)
>
> Yeah, I have got that...
> I can't get my DNS fixed because it's not mine. I have to wait till
> someone else does it and I don't know when that will happen.
>
> Funny how everybody focuses on this little, unimportant, technical problem
> but ignores the real cause of my mail.
>
> Did you read my first mail which started thsi thread?
>
> --
> Regards
> Simon
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


the 'other' problem you got is that you're running an ancient version
of mailscanner (which many debian users do). latest version is
4.73.4-2. If you install that ( via the tar.gz generic installer or a
more upto date debian respository) you may find the issue has already
been fixed.


-- 
Martin Hepworth
Oxford, UK


More information about the MailScanner mailing list