From owner-freebsd-security  Tue Aug 12 18:57:40 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA08917
          for security-outgoing; Tue, 12 Aug 1997 18:57:40 -0700 (PDT)
Received: from lucy.az.com (lucy.az.com [204.57.139.2])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA08906
          for <security@freebsd.org>; Tue, 12 Aug 1997 18:57:33 -0700 (PDT)
Received: (from yankee@localhost)
	by lucy.az.com (8.8.5/8.8.5) id SAA03812;
	Tue, 12 Aug 1997 18:52:24 -0700 (PDT)
Date: Tue, 12 Aug 1997 18:52:24 -0700 (PDT)
From: "az.com" <yankee@lucy.az.com>
To: security@freebsd.org
Subject: sendmail 553
Message-ID: <Pine.BSF.3.91.970812184239.3397A-100000@lucy.az.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Has anyone added the external gateway refusal modifications to sendmail's 
checkcompat(to, e) function? (dsn 5.1.7, sendmail 553)

This let's some hijacking through and shouldn't:

do
{

        if (strcmp(to->q_mailer, "local") != 0 )

        {
                usrerr("553 Gateway access denied.");
                to->q_status = "5.7.1";
                return (EX_UNAVAILABLE);
        }

} while (to = to->q_next);

        return (EX_OK);
}