[Mailman-Users] Problems with SMTPDirect / Security Bug?
Pablo Alsina
palsina at chasque.net
Tue May 23 11:14:56 CEST 2000
On Tue, 23 May 2000, Nigel Metheringham wrote:
> palsina at chasque.net said:
> > Using SMTPDirect as delivery module just times out, not sending any
> > mail out. I used Sendmail as MTA, and saw a few messages on this board
> > suggesting that Postfix was faster, so I replaced sendmail with
> > Postfix.
>
> You are running a SMTP daemon on 127.0.0.1 [or actually on whatever
> address SMTPHOST is set to]?
>
> If you telnet to that address/port do you see the initial SMTP banner
> in a reasonable length of time? Can you then go through the basic SMTP
> commands that would be used for sending a message (HELO, MAIL FROM,
> RCPT TO) and have it turn those round in reasonable time?
> Its most likely the MTA that is misconfigured - either not listening,
> or trying to verify everything and taking lots of time about it.
My SMTP daemon is running locally. SMTPHOST is set to the servers public
name and SMTPPORT is set to 25. Doing 'telnet [SMTPHOST] [SMTPPORT]'
connects in less than 1 second, and allows me to send mail out with no
delays.
Why is SMTP_MAX_RCPTS not used in the code? Shouln't this be a solution?
> > Looking at the code, I see that the recipient list is not sanatized
> > before invoking the shell. Unless I'm wrong, one could subscribe an
> > 'larry;command_here;@none.com' and make the command_here to get
> > executed!
>
> Ugh. I'm going to repeat my comment that I don't think Sendmail.py is
> ready for prime time.
I would be happy not using it, but it seems like the only way to get the
it working. Is someone using MailMan and SMTPDirect to handle a 3000+
subs. mailing list with success?
Thanks for your help.
Pablo
More information about the Mailman-Users
mailing list