Subject: re: localhost security hole
To: Todd Vierling <>
From: matthew green <>
List: tech-security
Date: 06/29/2003 14:51:42
   : >The zone administrator (or DNS spoofer) can redirect all root mail, by
   : >adding a zone entry "localhost.dom.ain." that points to some other
   : >place than  Is this considered a feature?
   : that doesn't matter.  that will only be looked for if "localhost" by
   : itself is not found.
   ...and even that case can be cared for by using "root@localhost." (note
   trailing dot, which tells the resolver that search domains must not be

except that the address "root@localhost." is invalid.