[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | SEAL |
|
| Moderator: | GALVIA::SMITH |
|
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
1777.0. "smtpxd patch how does it compromise security?" by BACHUS::DOBBENI () Thu Feb 06 1997 09:38
Hello,
There is a patch available for smtpxd and x400 style mail addresses. The
patch.sh indicates there is a switch to allow addresses starting with a '/'.
It states that this makes the the smtpxd less secure and that we,(Digital) do
not recommend this.
exract of the file:
# D..This patch kit also includes a new option which enables the
# administrator to prevent the rejection of mail addresses beginning
# with a "/".
# To allow mail addresses beginning with a "/" to be forwarded by
# smptxd, add the following line to the smptxd.conf file.
# allow_slash=TRUE
# It must be noted that implementation of this feature reduces the
# security checking of the mail subsystem and therefore increases its
# vulnerability. We do not advise that this change be made to
# smtpxd.conf.
Could someone explane how this makes the mail susbsystem less secure, what are
the possible risks?
Thanks,
Mia
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 1777.1 | note 1269 | GALVIA::KEATING | | Fri Feb 07 1997 04:47 | 5 |
|
Please refer to note 1269 and its replies for both the patch announcement
and details of security implications.
Sarah
|
| 1777.2 | Thanks | BACHUS::DOBBENI | | Fri Feb 14 1997 03:26 | 3 |
| Thanks, missed that one
Mia
|