[976] in linux-security and linux-alert archive
Re: [linux-security] sendmail security
daemon@ATHENA.MIT.EDU (Kai Henningsen)
Sat Jul 27 10:59:19 1996
Date: 27 Jul 1996 10:36:00 +0200
From: kai@khms.westfalen.de (Kai Henningsen)
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <E0uiuMn-0000KO-00@stdismas.bogon.com>
rbulling@obscure.org (Richard Bullington) wrote on 26.07.96 in <Pine.LNX.3.94.960726035841.824B-100000@marduk.obscure.org>:
[REW: deleted stuff]
I believe this is configurable, though I can't say how off the top of my
head, and can't look it up right now.
[REW: It is configurable, deleted some more.]
Well, there's RFC 1123, Requirements for Internet Hosts -- Application and
Support (which is mainly a clarification of earlier RFCs), which has:
5.2.8 DATA Command: RFC-821 Section 4.1.1
Every receiver-SMTP (not just one that "accepts a message for
relaying or for final delivery" [SMTP:1]) MUST insert a
"Received:" line at the beginning of a message. In this line,
called a "time stamp line" in RFC-821:
* The FROM field SHOULD contain both (1) the name of the
source host as presented in the HELO command and (2) a
domain literal containing the IP address of the source,
determined from the TCP connection.
[REW: deleted some more. If I'm not mistaken "SHOULD" is explained to
mean the same as "MUST" in the RFC's.]
No doubt the new mail RFCs the DRUMS working group is currently preparing
(drums[-request]@cs.utk.edu) will include this stuff.
MfG Kai