Date:      Tue, 19 Nov 1996 05:43:45 -0500 (EST)
From:      Thomas David Rivers <ponds!rivers@dg-rtp.dg.com>
To:        marcs@znep.com, ponds!mail.id.net!rls
Cc:        ponds!freebsd.org!freebsd-hackers, ponds!keltia.freenix.fr!roberto
Subject:   Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID:  <199611191043.FAA04667@lakes.water.net>

> [moved to -hackers from security.  It started with a discussion of
> sendmail with uucp; I stated that sendmail still tries to use DNS no
> matter how you configure it and you have to recompile it to make it stop.]
> 
> On Mon, 18 Nov 1996, Robert Shady wrote:
> 
> > > Incorrect.  It RUNS without DNS but still TRIES to use it.  If you really
> > > don't have IP connectivity, then the difference doesn't matter because it
> > > still works when the lookup fails, however it still does try and the
> > > difference does matter if you have partial IP connectivity.  I have a
> > > system setup with nocanonify and all the other config file tweaks I know
> > > of, and it still tries to use DNS as a tcpdump shows quite clearly.  This
> > > system is running 8.7.5, so things may have been changed in more recent
> > > versions but I can't say for sure; if this has changed in more recent
> > > versions, please let me know.
> > > 
> > > I _think_ the define that needs to be set to 0 is NAMED_BIND, but don't
> > > recall for sure.  This has been gone over before on the lists.
> > 
> > Out of curiosity, what interface exactly are you looking at if you aren't
> > running tcp/ip?
> 
> I am running TCP/IP, however only sometimes; i.e. a dial on demand
> connection.  If it isn't recompiled, no matter how you configure it,
> sendmail will try a DNS lookup for each bit of mail it receives, causing
> the dial on demand link to come up.  I am looking at the ppp (tun0) 
> interface.  If you don't have IP running, or you don't have a route to a
> nameserver, or you don't have a nameserver, you won't notice the lookup
> but it still tries and, in this case, fails immediately.
> 
> 
> 

 Yes - we went through this when 2.1.5-RELEASE was created.

 Several people referred to the documentation that indicates you can
(via your sendmail.cf) have sendmail not use DNS... but I was unable
to make these work.

 If you compile sendmail (at least the version that originally came
with 2.1.5) with the right options (they are discussed in the 
compile-time configuration include file) - you can disable use of DNS.

 This is what I, eventually, had to do.

 You'll find the entire discussion of this in the mail archives.

	- Dave Rivers -


