Bug#267708: marked as done (verify sender should be after the header checks in the 30_exim4-config_check_rcpt acl file)

Debian Bug Tracking System owner@bugs.debian.org
Wed, 05 Jan 2005 03:03:57 -0800


Your message dated Wed, 05 Jan 2005 05:47:26 -0500
with message-id <E1Cm8hK-0005jm-00@newraff.debian.org>
and subject line Bug#267708: fixed in exim4 4.34-10
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Aug 2004 01:11:41 +0000
>From mfedyk@matchmail.com Mon Aug 23 18:11:41 2004
Return-path: <mfedyk@matchmail.com>
Received: from ip67-95-245-82.z245-95-67.customer.algx.net (fileserver.matchmail.com) [67.95.245.82] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BzPqf-0004ww-00; Mon, 23 Aug 2004 18:11:41 -0700
Received: from mfedyk by fileserver.matchmail.com with local (Exim 4.34)
	id 1BzPq8-00047M-0T; Mon, 23 Aug 2004 18:11:08 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Mike Fedyk <mfedyk@matchmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: verify sender should be after the header checks in the
 30_exim4-config_check_rcpt acl file
X-Mailer: reportbug 2.63
Date: Mon, 23 Aug 2004 18:11:07 -0700
Message-Id: <E1BzPq8-00047M-0T@fileserver.matchmail.com>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: exim4
Version: 4.34-4
Severity: minor
Tags: patch

Why hit the remote server if the headers could be bad before?

This is just a move to lower in the file, no modifications to the lines.

--- 30_exim4-config_check_rcpt~	2004-08-23 16:30:25.000000000 -0700
+++ 30_exim4-config_check_rcpt	2004-08-23 18:05:29.000000000 -0700
@@ -51,15 +51,6 @@
   accept local_parts = postmaster
          domains = +local_domains
 
-  # Deny unless the sender address can be verified.
-  #
-  # This is disabled by default so that DNSless systems don't break. If
-  # your system can do DNS lookups without delay or cost, you might want
-  # to enable the following line.
-   deny message = Sender verification failed
-        !acl = acl_whitelist_local_deny
-        !verify = sender
-
   # Warn if the sender host does not have valid reverse DNS.
   # 
   # This is disabled by default so that DNSless systems don't break. If
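Review bot: In the removed block the `deny message = Sender verification failed` statement and its `!acl` / `!verify = sender` conditions are not commented out, although the comment directly above them says the check is disabled by default, so this diff appears to have been taken against a locally enabled copy. Regenerate it against the packaged file so the three statement lines move in their shipped state. The `deny` line is also indented by three spaces where the neighbouring `accept local_parts = postmaster` statement uses two; align it while it is being moved.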
@@ -95,6 +86,15 @@
                              {CONFDIR/local_host_blacklist}\
                              {}}
 
+  # Deny unless the sender address can be verified.
+  #
+  # This is disabled by default so that DNSless systems don't break. If
+  # your system can do DNS lookups without delay or cost, you might want
+  # to enable the following line.
+   deny message = Sender verification failed
+        !acl = acl_whitelist_local_deny
+        !verify = sender
+
 
   #############################################################################
   # There are no checks on DNS "black" lists because the domains that contain
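Review bot: The re-added block carries its comment over unchanged, so nothing in the file records why sender verification now sits below the `local_host_blacklist` check. Add one comment line to the block saying it is deliberately placed after the cheaper local tests because `verify = sender` depends on DNS lookups (the existing comment already names DNS as the cost), so that a later edit does not move it back up the ACL.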


-- Package-specific info:
Exim version 4.34 #1 built 27-Jul-2004 18:06:50
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (7221, 'testing'), (711, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-686
Locale: LANG=C, LC_CTYPE=C

Versions of packages exim4 depends on:
ii  exim4-base                    4.34-4     EXperimental Internal Mailer -- a 
ii  exim4-daemon-light            4.34-4     Lightweight version of the Exim (v

-- no debconf information

---------------------------------------
Received: (at 267708-close) by bugs.debian.org; 5 Jan 2005 10:49:33 +0000
>From katie@ftp-master.debian.org Wed Jan 05 02:49:33 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Cm8jM-0006Ci-00; Wed, 05 Jan 2005 02:49:32 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1Cm8hK-0005jm-00; Wed, 05 Jan 2005 05:47:26 -0500
From: Andreas Metzler <ametzler@debian.org>
To: 267708-close@bugs.debian.org
X-Katie: $Revision: 1.54 $
Subject: Bug#267708: fixed in exim4 4.34-10
Message-Id: <E1Cm8hK-0005jm-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 05 Jan 2005 05:47:26 -0500
Delivered-To: 267708-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: exim4
Source-Version: 4.34-10

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive:

exim4-base_4.34-10_i386.deb
  to pool/main/e/exim4/exim4-base_4.34-10_i386.deb
exim4-config_4.34-10_all.deb
  to pool/main/e/exim4/exim4-config_4.34-10_all.deb
exim4-daemon-heavy_4.34-10_i386.deb
  to pool/main/e/exim4/exim4-daemon-heavy_4.34-10_i386.deb
exim4-daemon-light_4.34-10_i386.deb
  to pool/main/e/exim4/exim4-daemon-light_4.34-10_i386.deb
exim4_4.34-10.diff.gz
  to pool/main/e/exim4/exim4_4.34-10.diff.gz
exim4_4.34-10.dsc
  to pool/main/e/exim4/exim4_4.34-10.dsc
exim4_4.34-10_all.deb
  to pool/main/e/exim4/exim4_4.34-10_all.deb
eximon4_4.34-10_i386.deb
  to pool/main/e/exim4/eximon4_4.34-10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 267708@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  5 Jan 2005 10:39:03 +0100
Source: exim4
Binary: eximon4 exim4-daemon-custom exim4-daemon-heavy exim4-base exim4 exim4-daemon-light exim4-config
Architecture: source i386 all
Version: 4.34-10
Distribution: unstable
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description: 
 exim4      - An MTA (Mail Transport Agent)
 exim4-base - EXperimental Internal Mailer -- a Mail Transport Agent
 exim4-config - Debian configuration for exim4
 exim4-daemon-heavy - Exim (v4) with extended features, including exiscan-acl
 exim4-daemon-light - Lightweight version of the Exim (v4) MTA
 eximon4    - X monitor for the Exim (v4) mail transport agent
Closes: 267708 286302
Changes: 
 exim4 (4.34-10) unstable; urgency=high
 .
   * urgency high because this upload fixes two minor security issues.
   * more documentation for dc_localdelivery in update-exim4.conf.8.
   * Move slightly more expensive tests in rcpt ACL further down. (This only
     changes commented out example code.) (Closes: #267708)
   * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302)
   * Version dpatch build-dependency to safeguard against reintroducing this
     bug.
   * In comment point out that using saslauthd for SMTP AUTH requires giving
     exim privileges to use it.
   * New patch 66_can2005-0021_can2005-0022.dpatch from
     http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
     fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022
     (mh/am).
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB273RHTOcZYuNdmMRAp8hAJwKPHOXdeI7likPCDIiLVv6BzHevQCfTCcj
OTie8JRNQTasoO6rG5miz0g=
=8jvS
-----END PGP SIGNATURE-----