Subject: Re: localhost security hole
To: NetBSD security list <tech-security@netbsd.org>
From: Alan Barrett <apb@cequrux.com>
List: current-users
Date: 06/28/2003 18:11:24
On Sat, 28 Jun 2003, Christian Limpach wrote:
> Index: gnu/usr.sbin/sendmail/cf/cf/netbsd-msp.mc
> @@ -2,4 +2,4 @@
>  include(`../m4/cf.m4')
>  VERSIONID(`@(#)netbsd-msp.mc   $Revision: 1.2 $')
>  OSTYPE(bsd4.4)dnl
> -FEATURE(`msp')dnl
> +FEATURE(`msp', `[127.0.0.1]')dnl

Thank you!  The above change to netbsd-msp.mc causes the following change to
netbsd-msp.cf (which is also installed as /etc/mail/submit.cf):

  -D{MTAHost}[localhost]
  +D{MTAHost}[127.0.0.1]

and, with that change, sendmail on my test system no longer connects to
10.2.3.4 (which is the IP address of localhost.example.net in my test
environment).

--apb (Alan Barrett)