From alane@geeksrus.net  Sun Jan 13 17:59:25 2002
Return-Path: <alane@geeksrus.net>
Received: from wwweasel.geeksrus.net (wwweasel.geeksrus.net [64.67.200.82])
	by hub.freebsd.org (Postfix) with ESMTP id 27A5237B404
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 13 Jan 2002 17:59:24 -0800 (PST)
Received: (from alane@localhost)
	by wwweasel.geeksrus.net (8.11.6/8.11.6) id g0E1wXC85902;
	Sun, 13 Jan 2002 20:58:33 -0500 (EST)
	(envelope-from alane)
Message-Id: <200201140158.g0E1wXC85902@wwweasel.geeksrus.net>
Date: Sun, 13 Jan 2002 20:58:33 -0500 (EST)
From: Alan Eldridge <ports@geeksrus.net>
Reply-To: Alan Eldridge <ports@geeksrus.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: freebsd.mc enables relay_based_on_MX: open-relay vulnerability
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         33855
>Category:       conf
>Synopsis:       freebsd.mc enables relay_based_on_MX: open-relay vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gshapiro
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 13 18:00:03 PST 2002
>Closed-Date:    Sat Feb 23 18:51:25 PST 2002
>Last-Modified:  Sat Feb 23 18:51:37 PST 2002
>Originator:     Alan Eldridge
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
Geeksrus.NET
>Environment:
System: FreeBSD wwweasel.geeksrus.net 4.4-STABLE FreeBSD 4.4-STABLE #0: Sun Dec 2 19:14:12 EST 2001 root@wwweasel.geeksrus.net:/usr/obj/usr/src/sys/WWWEASEL i386

>Description:

The default mailer configuration enables "relay_based_on_MX". This feature
is dangerous, as it can allow outsiders to use the system as an incoming mail
relay without the owner's permission. 

<paranoia>
A spammer could use this feature to cause a host to appear in the
chain of "Received from:" headers of a spam run, thus landing the
host on various blacklists and seriously impeding the ability to send
mail from the system. Since spammers like to involve uninterested
third parties in their mailings as a misdirection technique, this is
not that far-fetched, unfortunately.
</paranoia>

>How-To-Repeat:

>Fix:

--- patch-etc-sendmail-freebsd.mc begins here ---
--- /usr/cvsup/src/etc/sendmail/freebsd.mc	Sat Jul 14 14:07:27 2001
+++ ./freebsd.mc	Sun Jan 13 20:50:07 2002
@@ -52,7 +52,10 @@
 FEATURE(blacklist_recipients)
 FEATURE(local_lmtp)
 FEATURE(mailertable, `hash -o /etc/mail/mailertable')
-FEATURE(relay_based_on_MX)
+dnl Uncomment to allow relaying to anyone who lists this host
+dnl in a DNS MX record. This allows someone to use this host as
+dnl as incoming mailhost without permission.
+dnl FEATURE(relay_based_on_MX)
 FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
 
 dnl Uncomment to activate Realtime Blackhole List
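Review bot: The added comment repeats "as" across its second and third lines ("...use this host as" followed by "as incoming mailhost"); the third line should read "an incoming mailhost without permission." The first comment line would also be more precise if it said that relaying is allowed for any domain whose DNS MX record lists this host, since that is the condition the FEATURE() keys on, rather than "relaying to anyone". Leaving the FEATURE(relay_based_on_MX) line in place but dnl-commented keeps the option discoverable for sites that do act as a backup MX, which matches how the Realtime Blackhole List entry below it is handled.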
--- patch-etc-sendmail-freebsd.mc ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->gshapiro 
Responsible-Changed-By: cjc 
Responsible-Changed-When: Mon Jan 14 23:12:46 PST 2002 
Responsible-Changed-Why:  
FreeBSD's sendmail maintainer. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=33855 
State-Changed-From-To: open->feedback 
State-Changed-By: gshapiro 
State-Changed-When: Sun Feb 17 15:52:59 PST 2002 
State-Changed-Why:  
Thanks for the patch.  Although your example is unlikely, I can think of 
some actual cases where this FEATURE() could be dangerous. 

It has been removed from freebsd.mc on the HEAD and will be MFC'ed in one 
week, at which point I will close the PR. 

State-Changed-From-To: feedback->closed 
State-Changed-By: gshapiro 
State-Changed-When: Sat Feb 23 18:51:25 PST 2002 
State-Changed-Why:  
The change has been MFC'ed to RELENG_4. 


>Unformatted:
