From owner-freebsd-hackers Tue Nov 19 03:20:44 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA27989 for hackers-outgoing; Tue, 19 Nov 1996 03:20:44 -0800 (PST)
Received: from dg-rtp.dg.com (dg-rtp.rtp.dg.com [128.222.1.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id DAA27966 for ; Tue, 19 Nov 1996 03:20:35 -0800 (PST)
Received: by dg-rtp.dg.com (5.4R3.10/dg-rtp-v02) id AA29476; Tue, 19 Nov 1996 06:20:04 -0500
Received: from ponds by dg-rtp.dg.com.rtp.dg.com; Tue, 19 Nov 1996 06:20 EST
Received: from lakes.water.net (lakes [10.0.0.3]) by ponds.water.net (8.7.5/8.7.3) with ESMTP id FAA02287; Tue, 19 Nov 1996 05:41:58 -0500 (EST)
Received: (from rivers@localhost) by lakes.water.net (8.7.5/8.6.9) id FAA04667; Tue, 19 Nov 1996 05:43:45 -0500 (EST)
Date: Tue, 19 Nov 1996 05:43:45 -0500 (EST)
From: Thomas David Rivers
Message-Id: <199611191043.FAA04667@lakes.water.net>
To: marcs@znep.com, ponds!mail.id.net!rls
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: ponds!freebsd.org!freebsd-hackers, ponds!keltia.freenix.fr!roberto
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> [moved to -hackers from security. It started with a discussion of
> sendmail with uucp; I stated that sendmail still tries to use DNS no
> matter how you configure it and you have to recompile it to make it stop.]
>
> On Mon, 18 Nov 1996, Robert Shady wrote:
>
> > > Incorrect. It RUNS without DNS but still TRIES to use it. If you really
> > > don't have IP connectivity, then the difference doesn't matter because it
> > > still works when the lookup fails; however, it still does try, and the
> > > difference does matter if you have partial IP connectivity. I have a
> > > system set up with nocanonify and all the other config file tweaks I know
> > > of, and it still tries to use DNS, as a tcpdump shows quite clearly. This
> > > system is running 8.7.5, so things may have been changed in more recent
> > > versions, but I can't say for sure; if this has changed in more recent
> > > versions, please let me know.
> > >
> > > I _think_ the define that needs to be set to 0 is NAMED_BIND, but don't
> > > recall for sure. This has been gone over before on the lists.
> >
> > Out of curiosity, what interface exactly are you looking at if you aren't
> > running tcp/ip?
>
> I am running TCP/IP, however only sometimes; i.e. a dial on demand
> connection. If it isn't recompiled, no matter how you configure it,
> sendmail will try a DNS lookup for each bit of mail it receives, causing
> the dial on demand link to come up. I am looking at the ppp (tun0)
> interface. If you don't have IP running, or you don't have a route to a
> nameserver, or you don't have a nameserver, you won't notice the lookup,
> but it still tries and, in this case, fails immediately.
>

Yes - we went through this when 2.1.5-RELEASE was created.

Several people referred to the documentation that indicates you can (via
your sendmail.cf) have sendmail not use DNS... but I was unable to make
these work.

If you compile sendmail (at least the version that originally came with
2.1.5) with the right options (they are discussed in the compile-time
configuration include file) - you can disable use of DNS. This is what I,
eventually, had to do.

You'll find the entire discussion of this in the mail archives.

- Dave Rivers -
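Since the thread's conclusion is that only the compile-time NAMED_BIND setting decides whether sendmail will ever consult DNS, the practical check is to read the compiled-in option list of the installed binary rather than trust sendmail.cf. The script below is an added example, not part of this thread; it assumes the "Compiled with:" line that `sendmail -d0.1 -bv root < /dev/null` prints on 8.7/8.8, and the sample output it parses offline is constructed.

```shell
#!/bin/sh
# Added example: report whether an installed sendmail was built with DNS
# support (NAMED_BIND) by parsing the option list it prints with -d0.1.

# Constructed sample of `sendmail -d0.1 -bv root </dev/null` output,
# so the parser can be exercised on a box without sendmail.
SAMPLE_OUTPUT='Version 8.7.5
 Compiled with: LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETUNIX NEWDB SCANF XDEBUG
'

# named_bind_status OUTPUT
# Prints "dns" if NAMED_BIND is among the compiled-in options, "nodns" if
# the "Compiled with:" line is present without it, "unknown" otherwise.
named_bind_status() {
    printf '%s\n' "$1" | awk '
        /Compiled with:/ {
            seen = 1
            for (i = 1; i <= NF; i++)
                if ($i == "NAMED_BIND") found = 1
            exit
        }
        END {
            if (!seen) print "unknown"
            else print (found ? "dns" : "nodns")
        }'
}

# live_status
# Queries the real binary when one is on the PATH; -bv (verify) needs no
# privileges and does not deliver anything.
live_status() {
    if command -v sendmail >/dev/null 2>&1; then
        named_bind_status "$(sendmail -d0.1 -bv root </dev/null 2>&1)"
    else
        echo "unknown"
    fi
}

echo "sample build: $(named_bind_status "$SAMPLE_OUTPUT")"
echo "local build:  $(live_status)"
```

A result of "dns" means the resolver is linked in and, as the thread describes, the binary will still attempt lookups (and raise a dial-on-demand link) regardless of nocanonify or other sendmail.cf settings.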