Subject: Re: localhost security hole
To: Andrew Brown <atatat@atatdot.net>
From: Martin Husemann <martin@duskware.de>
List: tech-security
Date: 06/29/2003 23:59:38
On Sat, Jun 28, 2003 at 02:14:04PM -0400, Andrew Brown wrote:
> sendmail knows to deliver to "localhost".
If this involves any kind of network address lookup, something is broken
(IMHO). The whole scenario sounds very, very suboptimal. How many daemons and
queues are involved, before a mail to "root" makes it to /var/mail/root?
What about changing the default /etc/mailerconfig to only run mail.local?
(duck)
Martin