=========================================================================== SCO Security Bulletin 00.11 20 April 2000 Sendmail configuration for SMTP anti-relay --------------------------------------------------------------------------- I. Description Sendmail configuration for UnixWare 7 Release 7.0 and 7.0.1 and SCO OpenServer Release 5.0.5 does not have the SMTP anti-relay enabled by default. II. Impact It is a common tactic among spammers to use other machines as an SMTP relay to make their mail appear as if does not come from their site. Without anti-relay enabled, you are open to abuse by spammers who wish to use your machine as an intermediate hop in delivery of email. This may both put an unreasonable amount of traffic on your machine and eventually mark you as a spam-producing site whose email will be refused by others. III. Releases This bulletin addresses the solution for UnixWare 7 Release 7.0 and 7.0.1 and SCO OpenServer Release 5.0.X. This bulletin does not apply to UnixWare 7 Release 7.1.0 or 7.1.1-- anti-relay for sendmail is enabled by default on those releases. IV. Solution UnixWare 7 Release 7.0.X: The sendmail check_rcpt ruleset which implements anti-relay already exists in the default /etc/sendmail.cf shipped with the product. To enable this ruleset and configure a list of trusted hosts from which relay is allowed, follow the instructions detailed in the online SCOhelp documentation: Mail and Messaging -> Administering Mail and Messaging -> Managing spam -> Prevention of forged-spam email via sendmail (relay disable) SCO OpenServer Release 5.0.5: The sendmail check_rcpt ruleset which implements anti-relay already exists in the default /usr/lib/sendmail.cf shipped with the product. To enable this ruleset and configure a list of trusted hosts from which relay is allowed, follow the instructions detailed in the following file on your system: /usr/lib/mail/antispam/README.spam SCO OpenServer Releases prior to 5.0.5: If you have an OpenServer release prior to 5.0.5, we suggest you update to sendmail version 8.8.8 if you have not already done so. You may obtain system security enhancement SSE022 containing a custom installable image for sendmail 8.8.8 from the SCO FTP Archive Site: ftp://ftp.sco.com/SSE/sse022.ltr sse022.tar The new sendmail.cf configuration file that comes with this SSE contains the check_rcpt ruleset needed for the anti-relay feature. To enable this ruleset and configure a list of trusted hosts from which relay is allowed, follow the instructions detailed in the following file installed on your system by the SSE: /usr/lib/mail/antispam/README.spam V. Updates The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)