-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/07/2011 09:18 AM, Timo Sirainen wrote:
On Tue, 2011-06-07 at 09:10 -0500, Matt Brookings wrote:
Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to open relay? How about the attached patch instead?
Many systems will be running other qmail and vpopmail services from the ucspi-tcp package which may not be patched to support IPv6. As a result, when connecting to "::1", it will be translated to 127.0.0.1, and as I said before, some systems will not allow localhost to send without authentication.
I understand it's introducing a hackish fix into your project, but I will submit a new patch that updates this block of code when a proper solution that will work across the various system configurations is determined.
It still seems safer to me to ignore all IPv6 addresses rather than ::1 specifically. And as I understand it works just as well normally with both ways?
That will be fine. As long as it doesn't pass the IPv6 strings, and the ifdef name is changed, all should work.
Thanks!
/* Matt Brookings matt@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3uiHsACgkQIwet2/rgZyw9PACcDHqW65HrFOn0ICSdOzCDoZRB 4F8AoIbftJIhfH/x8YOf4uKKtIbL3ORs =tskj -----END PGP SIGNATURE-----