----- Original Message -----
From: "Tom Perrine" <tep@sdsc.edu>
To: <BUGTRAQ@securityfocus.com>
Sent: Tuesday, May 13, 2003 8:53 AM
Subject: AIX sendmail open relay

> This is a relatively minor problem as things go, but after almost 4
> years and at IBM's unofficial request (see the last para.)...
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> SDSC Security Note - March 13, 2003
> IBM AIX sendmail an open-relay by default
> http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
>
>
> I. BACKGROUND
>
> IBM's AIX is the flagship IBM UNIX offering. Almost all versions, up
> to the latest 5.2, deliberately ship as open email relays. Some IBM
> patches and upgrades for Sendmail have discarded local site changes
> and re-installed the vulnerable sendmail.cf.
>
> IBM has been notified of this problem via several channels, at various
> times since October 1999.
>
>
> II. DESCRIPTION
>
> IBM has chosen to ship a sendmail configuration for AIX that makes
> servers an open SMTP relay. Even though they are shipping newer
> versions of Sendmail software that are not open by default,
> IBM intentionally discards the non-relay configuration file and ships
> a default sendmail.cf that makes the system an open relay.
>
> SDSC and other customers have notified IBM about this problem at
> almost every AIX release since at least 1999. It has been an "open
> issue" with IBM since that time.
>
> IBM's comments in 1999 (and since) have boiled down to "put your
> systems behind firewalls". Later responses have been "users are
> responsible for the configuration of their systems", and "our other
> users insist on this default configuration".
>
> While we agree that users *are* responsible for the configurations of
> their systems, it is unfriendly to customers to ship software that,
> from the open source community, is safe, but has been intentionally
> made unsafe by IBM. This violates the principle of least
> astonishment, and only adds to the user's workload.
>
>
> III. ANALYSIS
>
> Any IBM AIX system that uses the default sendmail.cf from IBM will be
> an open relay.
>
> SDSC discovered this and reported it for the first time in October
> 1999, when we discovered during installation that our new
> supercomputer (bluehorizon.sdsc.edu, an 1152 processor SP2) had the
> capability to be the world's fastest SPAM relay. We replaced the
> sendmail.cf with a more rational one.
>
> Many of IBM's AIX upgrades have silently over-written our sendmail.cf
> with a vulnerable file from IBM. We have notified IBM of this issue
> at every OS release.
>
> As you can see from this ".mc" file from AIX 5.2, IBM has
> intentionally turned on the "promiscuous_relay",
> "accept_unresolvable_domains" and "accept_unqualified_senders"
> features. All of these are SPAM-friendly.
>
> # Sample AIX file
> divert(0)dnl
> OSTYPE(aixsample)dnl
> FEATURE(genericstable)dnl
> FEATURE(mailertable)dnl
> FEATURE(virtusertable)dnl
> FEATURE(domaintable)dnl
> FEATURE(allmasquerade)dnl
> FEATURE(promiscuous_relay)dnl
> FEATURE(accept_unresolvable_domains)dnl
> FEATURE(accept_unqualified_senders)dnl
> FEATURE(no_default_msa)
> DOMAIN(generic)dnl
> MAILER(local)dnl
> MAILER(smtp)dnl
> MAILER(uucp)
>
>
> IV. SUMMARY
>
> After trying to work this through various support channels, we were
> finally told, by anonymous IBM support and developers, "very
> unofficially", that the only way to get this resolved would be to make
> this announcement.
>
> Tom E. Perrine <tep@SDSC.EDU> | San Diego Supercomputer Center
> http://www.sdsc.edu/~tep/ |
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
>
> iQCVAwUBPsEiMRTSxpWcaAFRAQGubgP+PULT6GXYtDRvS+Qw6Sc0IJbEOq2gG4yz
> /9tMEzs692eYftt0SmC0y8tmPfe3pfG2xgad/hfnMJeEG4oTld+vElO1wKzPp3f5
> oNCFKy3eaBiiRZgN3+SjXV2EjPUT+7W1dpeoCMxl0ESFPPokbAik1JOXZWvqsZQe
> kE08GUO2gME=
> =LCUX
> -----END PGP SIGNATURE-----
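Since the advisory's point is that the risk is visible in the .mc file before it is ever compiled into sendmail.cf, a small checker that reads the .mc and flags relay-loosening FEATURE() macros is a useful audit step after each AIX upgrade, given that upgrades are said to overwrite local changes. The following is an added example for this thread, not code from SDSC, IBM or the sendmail project. The first sample .mc is the AIX 5.2 fragment quoted above; the hardened variant beside it is a constructed counterpart (it is not an IBM-shipped file) that drops the three SPAM-friendly features and enables access_db, so sendmail falls back to its stock refusal to relay for hosts not listed in the access map. The feature names in the risk table come from the sendmail cf/README; the two not mentioned in the advisory (relay_entire_domain, loose_relay_check) are included to make the check more general than the one case on the page.

```python
"""Flag relay-friendly FEATURE() macros in a sendmail .mc file.

Added example for this thread, not code from SDSC or IBM. AIX_SAMPLE_MC is
the fragment quoted in the advisory; HARDENED_MC is a constructed counterpart.
"""
import re

# m4 .mc fragment exactly as quoted in Tom Perrine's advisory (AIX 5.2).
AIX_SAMPLE_MC = """\
# Sample AIX file
divert(0)dnl
OSTYPE(aixsample)dnl
FEATURE(genericstable)dnl
FEATURE(mailertable)dnl
FEATURE(virtusertable)dnl
FEATURE(domaintable)dnl
FEATURE(allmasquerade)dnl
FEATURE(promiscuous_relay)dnl
FEATURE(accept_unresolvable_domains)dnl
FEATURE(accept_unqualified_senders)dnl
FEATURE(no_default_msa)
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp)
"""

# Constructed hardened counterpart (not an IBM file): the three relay-friendly
# features are removed and access_db is enabled, so relaying is only allowed
# for hosts explicitly listed in the /etc/mail/access map.
HARDENED_MC = """\
divert(0)dnl
OSTYPE(aixsample)dnl
FEATURE(`access_db')dnl
FEATURE(`genericstable')dnl
FEATURE(`mailertable')dnl
FEATURE(`virtusertable')dnl
FEATURE(`domaintable')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`no_default_msa')dnl
DOMAIN(`generic')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
"""

# FEATURE() macros that loosen relay or sender checks (names from cf/README).
RELAY_FRIENDLY = {
    "promiscuous_relay": "relays mail from any host to any destination (open relay)",
    "accept_unresolvable_domains": "accepts MAIL FROM domains that do not resolve",
    "accept_unqualified_senders": "accepts MAIL FROM addresses with no domain part",
    "relay_entire_domain": "relays for every host in the local domain, not just listed ones",
    "loose_relay_check": "relaxes the %-hack relay check on recipient addresses",
}

# Matches FEATURE(name) as well as the usual m4-quoted FEATURE(`name', args).
_FEATURE_RE = re.compile(r"FEATURE\(\s*`?([A-Za-z0-9_]+)'?")
# In m4, `dnl` discards the rest of the line; `#` lines are pass-through comments.
_DNL_RE = re.compile(r"\bdnl\b.*$")


def features(mc_text):
    """Return the FEATURE() names found in the .mc text, in file order."""
    names = []
    for raw in mc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        line = _DNL_RE.sub("", line)
        names.extend(m.group(1) for m in _FEATURE_RE.finditer(line))
    return names


def relay_risks(mc_text):
    """Return {feature: reason} for every relay-friendly FEATURE() present."""
    return {f: RELAY_FRIENDLY[f] for f in features(mc_text) if f in RELAY_FRIENDLY}


if __name__ == "__main__":
    for label, text in (("AIX 5.2 sample", AIX_SAMPLE_MC), ("hardened", HARDENED_MC)):
        risks = relay_risks(text)
        verdict = "OPEN RELAY" if "promiscuous_relay" in risks else "ok"
        print(f"{label}: {verdict}")
        for name, why in risks.items():
            print(f"  FEATURE({name}): {why}")
```

Run it against /etc/mail/sendmail.mc (or wherever the site keeps its .mc) as part of post-upgrade verification; a non-empty result for promiscuous_relay means the shipped default has come back and the local sendmail.cf needs to be regenerated from the site's own .mc. Note that the hardened variant assumes an /etc/mail/access map exists; without it, access_db simply adds no relay permissions, which is the safe direction.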