
Re: 2.99.50s17 available as tarball. SECURITY WARNING



> So one should modify as follows?:
>
> localhost           999 ftveR
> some.host.domain    999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
> \[*\]               999 ve
> *                   999 veR
> 
> to:
> 
> localhost           999 R
> some.host.domain    999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
> \[*\]               999 
> *                   999 R       

That "ve" -> "" could be "." to avoid an empty line.

  Yes.  Plus running smtpserver with " -s . " option instead
of " -s ve " which it likely has now.  (Closes all entrances.)

> And could the vulnerability be clarified?

  Very good question.  How much could I tell without endangering
everybody's servers?  To my knowledge I am the only one who knows
its precise nature, and I would prefer it to stay that way.
I would prefer this *not* to appear at bugtraq in the form of an exploit...

If there is demand, I can back-port the fix to older versions too.

> Thanks.
> -- 
> Daryle A. Tilroe      |------------------------------|
> Systems Administrator |  email: daryle@amc.ab.ca     |
> Alberta Micro. Corp.  |    Web: http://www.amc.ab.ca |

/Matti Aarnio <mea@nic.funet.fi>