[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200305131653.h4DGrr7a000757@lart.sdsc.edu>
Date: Tue, 13 May 2003 09:53:53 -0700
From: Tom Perrine <tep@...c.edu>
To: BUGTRAQ@...URITYFOCUS.COM
Subject: AIX sendmail open relay
This is a relatively minor problem as things go, but after almost 4
years and at IBM's unofficial request (see the last para.)...
-----BEGIN PGP SIGNED MESSAGE-----
SDSC Security Note - March 13, 2003
IBM AIX sendmail an open-relay by default
http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
I. BACKGROUND
IBM's AIX is the flagship IBM UNIX offering. Almost all versions, up
to the latest 5.2, deliberately ship as open email relays. Some IBM
patches and upgrades for Sendmail have discarded local site changes
and re-installed the vulnerable sendmail.cf.
IBM has been notified of this problem via several channels, at various
times since October 1999.
II. DESCRIPTION
IBM has chosen to ship a sendmail configuration for AIX that makes
servers as an open SMTP relay. Even though they are shipping newer
versions of Sendmail software that are not are not open by default,
IBM intentionally discards the non-relay configuration file and ships
a default sendmail.cf that makes the system an open relay.
SDSC and other customers have notified IBM about this problem at
almost every AIX release since at least 1999. It has been an "open
issue" with IBM since that time.
IBM's comments in 1999 (and since) have boiled down to "put your
systems behind firewalls". Later responses have been "users are
responsible for the configuration of their systems", and "our other
users insist on this default configuration".
While we agree that users *are* responsible for the configurations of
their systems, it is unfriendly to customers to ship software that,
from the open source community is safe, but has been intentionally
made unsafe from IBM. This violates the principle of least
astonishment, and only adds to the user's workload.
III. ANALYSIS
Any IBM AIX system that uses the default sendmail.cf from IBM will be
an open relay.
SDSC discovered this and reported it for the first time in October
1999, when we discovered during installation that our new
supercomputer (bluehorizon.sdsc.edu, an 1152 processor SP2) had the
capability to be the world's fastest SPAM relay. We replaced the
sendmail.cf with a more rational one.
Many of IBM's AIX upgrades, have silently over-written our sendmail.cf
with a vulnerable file from IBM. We have notified IBM of this issue
at every OS release.
As you can see from this ".mc" file from AIX 5.2, IBM has
intentionally turned on the "promiscuous_relay",
"accept_unresolvable_domains" and "accept_unqualified_senders"
features. All of these are SPAM-friendly.
# Sample AIX file
divert(0)dnl
OSTYPE(aixsample)dnl
FEATURE(genericstable)dnl
FEATURE(mailertable)dnl
FEATURE(virtusertable)dnl
FEATURE(domaintable)dnl
FEATURE(allmasquerade)dnl
FEATURE(promiscuous_relay)dnl
FEATURE(accept_unresolvable_domains)dnl
FEATURE(accept_unqualified_senders)dnl
FEATURE(no_default_msa)
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp)
IV. SUMMARY
After trying to work this through various support channels, we were
finally told, by anonymous IBM support and developers, "very
unofficially", that the only way to get this resolved would be to make
this announcement.
Tom E. Perrine <tep@...C.EDU> | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
iQCVAwUBPsEiMRTSxpWcaAFRAQGubgP+PULT6GXYtDRvS+Qw6Sc0IJbEOq2gG4yz
/9tMEzs692eYftt0SmC0y8tmPfe3pfG2xgad/hfnMJeEG4oTld+vElO1wKzPp3f5
oNCFKy3eaBiiRZgN3+SjXV2EjPUT+7W1dpeoCMxl0ESFPPokbAik1JOXZWvqsZQe
kE08GUO2gME=
=LCUX
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists