|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [USN-74-1] Postfix vulnerability
From: Wietse Venema (wietse
porcupine.org)
Date: Mon Feb 07 2005 - 08:32:42 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erwin Lansing:
> On Mon, Feb 07, 2005 at 07:40:30AM -0500, Wietse Venema wrote:
> > Erwin Lansing:
> > > Actually, I experienced the same issue about 2 years ago on FreeBSD.
> > > It is only a problem when an ip-address is specified and not when
> > > specifying a full cidr. Apart from this issue being there since this
> > > patch was available, it can only be a problem when appying unofficial
> > > patches and not reading their docs.
> >
> > Details, please? I want to check this out in the IPv6 code that
> > is now built into Postfix.
> >
> It's quite a while ago, but AFAIR specifying
> permit_mx_backup_networks = 192.168.1.3
> turned into an open relay while
> permit_mx_backup_networks = 192.168.1.3/32
> did not.
>
> I guess Dean can provide more details.
That sound like treating 192.168.1.3 as 192.168.1.3/0 (match any
host) instead of 192.168.1.3/32 (match only 192.168.1.3).
I replaced the CIDR lookup code when I merged the IPv6 patch into
Postfix.
Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]