spamass-milt-list

Re: -x on Postfix, and a possible fix.


From: Don Armstrong
Subject: Re: -x on Postfix, and a possible fix.
Date: Mon, 7 Jun 2010 17:14:44 -0700
User-agent: Mutt/1.5.20 (2009-06-14)

On Mon, 07 Jun 2010, Tony Shadwick wrote:
> In spamass-milter.cpp, you have this:
> 
>                 /* open a pipe to sendmail so we can do address expansion */
> 
>                 char buf[1024];
>                 char *fmt="%s -bv \"%s\" 2>&1";
> 
> I changed it to be this instead:
> 
>         char *fmt="%s -q \"%s\" /etc/postfix/virtual 2>&1";

You don't want to do this. This leads to the remote exploit of
spamass-milter shown and fixed here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228
 
> Huh?  Why are the < and > getting left on the address?  I didn't
> comment anything out that got rid of them.  Have they always been
> passed to sendmail -bv?

sendmail is passed the envelope recipient directly as it is reported
to spamass-milter; '<address@hidden>' is a perfectly legitimate envelope
recipient.


Don Armstrong

-- 
No matter how many instances of white swans we may have observed, this
does not justify the conclusion that all swans are white.
 -- Sir Karl Popper _Logic of Scientific Discovery_

http://www.donarmstrong.com              http://rzlab.ucr.edu
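
Added example (not part of the original message, and not spamass-milter's own code): the format strings quoted above end in `2>&1`, so they are interpreted by a shell with the envelope recipient interpolated into the command line. The code below runs the same `-bv` lookup through `fork()`/`execv()` with an argument vector, so the recipient reaches the program as one literal argument whatever characters it contains. `run_noshell`, `expand_recipient`, the constructed sample recipient and the use of `/bin/echo` as a stand-in for the MTA binary are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] via execv(): no /bin/sh, so every argv element reaches the
 * program as one literal argument. stdout+stderr are captured into out
 * (truncated to outlen-1). Returns the exit status, or -1 on failure. */
int run_noshell(char *const argv[], char *out, size_t outlen)
{
    int fds[2], status;
    char scratch[256];
    size_t used = 0;
    ssize_t n;
    if (outlen == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);      /* replaces the shell's "2>&1" */
        dup2(fds[1], STDERR_FILENO);
        close(fds[1]);
        execv(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while ((n = read(fds[0], scratch, sizeof scratch)) > 0) {
        size_t room = outlen - 1 - used;  /* keep draining even when full */
        size_t take = (size_t)n < room ? (size_t)n : room;
        memcpy(out + used, scratch, take);
        used += take;
    }
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
/* The "-bv" lookup from the thread as an argument vector (hypothetical helper). */
int expand_recipient(const char *mta, const char *rcpt, char *out, size_t outlen)
{
    char *const argv[] = { (char *)mta, "-bv", (char *)rcpt, NULL };
    return run_noshell(argv, out, outlen);
}
int main(void)
{
    char out[256];  /* constructed recipient; /bin/echo stands in for the MTA */
    char *const argv[] = { "/bin/echo", "<a\"b;c@example.org>", NULL };
    int rc = run_noshell(argv, out, sizeof out);
    printf("rc=%d out=%s", rc, out);
    return 0;
}
```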


