Subject: Re: localhost security hole
To: NetBSD security list <>
From: Alan Barrett <>
List: tech-security
Date: 06/29/2003 10:56:57
On Sun, 29 Jun 2003, Andrew Brown wrote:
> >  -D{MTAHost}[localhost]
> >  +D{MTAHost}[]
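Review bot: the replaced `D{MTAHost}` line carries no comment saying why the bare name `localhost` was dropped, so a later cleanup could put it back. Add a `#` comment above the new line stating that the value is the target of the local smmsp-to-sendmail connection and must not be a name that host name qualification can rewrite.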
> >
> >and, with that change, sendmail on my test system no longer connects to
> > (which is the IP address of in my test
> >environment).
> that may be, but it's specific to ipv4.  what about ipv6
> systems, where is not a local ip address?

Then use D{MTAHost}[::1] on IPv6 systems.

> otoh, the name localhost maps to an address in both spaces.

OK, so use D{MTAHost}[localhost.] (with a trailing dot).  This setting
is used to create network connections from smmsp to sendmail on the
local host; it is not used as part of any email address, so trailing
dots are legal here.  Using localhost without a trailing dot means that it is
subject to sendmail's stupid host name qualification, so it could be
redirected to the wrong IP address if localhost.${domain} does not map to or ::1.

--apb (Alan Barrett)
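
An added example, not part of the original message: a check for whether a given `D{MTAHost}[...]` value can resolve to a non-loopback address. The function names, the `example.com` domain and the `SAMPLE_DNS` table are hypothetical, and qualification is modelled simply as appending the local domain to a name without a trailing dot, as the message describes.

```python
import socket
from ipaddress import ip_address

def system_resolver(name):
    """Addresses the local resolver returns for name (empty set if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def is_literal(value):
    try:
        ip_address(value)
        return True
    except ValueError:
        return False

def candidate_names(value, domain):
    """Names a D{MTAHost}[value] setting may end up being looked up as.
    Assumption: qualification is modelled as appending the local domain to
    a name with no trailing dot, as the message describes.
    """
    if is_literal(value) or value.endswith("."):
        return [value]          # address literal or rooted name: used as is
    return [value, f"{value}.{domain}."]

def audit_mta_host(value, domain, resolver=system_resolver):
    """Map each candidate to the non-loopback addresses it leads to."""
    findings = {}
    for name in candidate_names(value, domain):
        addrs = {name} if is_literal(name) else resolver(name)
        bad = sorted(a for a in addrs if not ip_address(a.split("%")[0]).is_loopback)
        if bad:
            findings[name] = bad
    return findings

# Constructed resolver data: localhost.example.com is a real, non-loopback host.
SAMPLE_DNS = {
    "localhost": {"127.0.0.1", "::1"},
    "localhost.": {"127.0.0.1", "::1"},
    "localhost.example.com.": {"192.0.2.10"},
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    for value in ("localhost", "localhost.", "::1"):
        print(value, audit_mta_host(value, "example.com", sample_resolver))
```

Calling `audit_mta_host` without the `resolver` argument runs the same check against the system resolver; an empty result means every candidate stayed on loopback.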