Subject: re: localhost security hole
To: Todd Vierling <>
From: matthew green <>
List: tech-security
Date: 06/29/2003 15:12:28
   :    : that doesn't matter.  that will only be looked for if "localhost" by
   :    : itself is not found.
   :    ...and even that case can be cared for by using "root@localhost." (note
   :    trailing dot, which tells the resolver that search domains must not be
   :    used).
   : except that the address "root@localhost." is invalid.
   s/is invalid/may require adding "localhost." to the local-host-names list/

no.  any address of the form "user@host." is invalid.  eg, postfix
tells me:

	<root@localhost.>: bad host/domain syntax: "localhost."

i believe sendmail used to fail to deliver to such addresses
as well (i haven't used it for so long....)

i believe it is RFC required.