Date: August 29, 2005
If you are using AIX sendmail, you should consider the following fix to prevent spammers from using it as an open mail relay.
ftp://aix.software.ibm.com/aix/efixes/security/sendmail_3_mod.tar.Z
The exposure applies to AIX 5.3 ML1 and earlier distributions. The exposure was resolved in AIX 5.3 ML2. For more information, see
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0285
Name: CAN-2003-0285 (under review)Description: IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the
(1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled
which allows Sendmail to be used as an open mail relay for sending spam e-mail.
Bruce Spencer,
baspence@us.ibm.com
August 29, 2005