[976] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] sendmail security

daemon@ATHENA.MIT.EDU (Kai Henningsen)
Sat Jul 27 10:59:19 1996

Date: 27 Jul 1996 10:36:00 +0200
From: kai@khms.westfalen.de (Kai Henningsen)
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <E0uiuMn-0000KO-00@stdismas.bogon.com>

rbulling@obscure.org (Richard Bullington)  wrote on 26.07.96 in <Pine.LNX.3.94.960726035841.824B-100000@marduk.obscure.org>:

[REW: deleted stuff]

I believe this is configurable, though I can't say how off the top of my  
head, and can't look it up right now.

[REW: It is configurable, deleted some more.]

Well, there's RFC 1123, Requirements for Internet Hosts -- Application and  
Support (which is mainly a clarification of earlier RFCs), which has:


      5.2.8  DATA Command: RFC-821 Section 4.1.1

         Every receiver-SMTP (not just one that "accepts a message for
         relaying or for final delivery" [SMTP:1]) MUST insert a
         "Received:" line at the beginning of a message.  In this line,
         called a "time stamp line" in RFC-821:

         *    The FROM field SHOULD contain both (1) the name of the
              source host as presented in the HELO command and (2) a
              domain literal containing the IP address of the source,
              determined from the TCP connection.

[REW: deleted some more. If I'm not mistaken "SHOULD" is explained to
mean the same as "MUST" in the RFC's.]

No doubt the new mail RFCs the DRUMS working group is currently preparing  
(drums[-request]@cs.utk.edu) will include this stuff.


MfG Kai

home help back first fref pref prev next nref lref last post