|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [USN-74-1] Postfix vulnerability
From: Victor Duchovni (Victor.Duchovni
MorganStanley.com)
Date: Mon Feb 07 2005 - 08:26:01 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Feb 07, 2005 at 03:18:23PM +0100, Erwin Lansing wrote:
> It's quite a while ago, but AFAIR specifying
> permit_mx_backup_networks = 192.168.1.3
> turned into an open relay while
> permit_mx_backup_networks = 192.168.1.3/32
> did not.
>
Postfix is safe even with permit_mx_backup_networks = 0.0.0.0/0, one is
merely offering backup MX service to anyone who requests it (in their
MX records) regardless of who they are. This not an open relay, because
the decision is in the recipient domain administrator's hands (not the
sender's).
What did the IPv6 do to make this usage unsafe?
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]