This is a relatively minor problem as things go, but after almost 4 years and at IBM's unofficial request (see the last para.)... -----BEGIN PGP SIGNED MESSAGE----- SDSC Security Note - March 13, 2003 IBM AIX sendmail an open-relay by default http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt I. BACKGROUND IBM's AIX is the flagship IBM UNIX offering. Almost all versions, up to the latest 5.2, deliberately ship as open email relays. Some IBM patches and upgrades for Sendmail have discarded local site changes and re-installed the vulnerable sendmail.cf. IBM has been notified of this problem via several channels, at various times since October 1999. II. DESCRIPTION IBM has chosen to ship a sendmail configuration for AIX that makes servers as an open SMTP relay. Even though they are shipping newer versions of Sendmail software that are not are not open by default, IBM intentionally discards the non-relay configuration file and ships a default sendmail.cf that makes the system an open relay. SDSC and other customers have notified IBM about this problem at almost every AIX release since at least 1999. It has been an "open issue" with IBM since that time. IBM's comments in 1999 (and since) have boiled down to "put your systems behind firewalls". Later responses have been "users are responsible for the configuration of their systems", and "our other users insist on this default configuration". While we agree that users *are* responsible for the configurations of their systems, it is unfriendly to customers to ship software that, from the open source community is safe, but has been intentionally made unsafe from IBM. This violates the principle of least astonishment, and only adds to the user's workload. III. ANALYSIS Any IBM AIX system that uses the default sendmail.cf from IBM will be an open relay. SDSC discovered this and reported it for the first time in October 1999, when we discovered during installation that our new supercomputer (bluehorizon.sdsc.edu, an 1152 processor SP2) had the capability to be the world's fastest SPAM relay. We replaced the sendmail.cf with a more rational one. Many of IBM's AIX upgrades, have silently over-written our sendmail.cf with a vulnerable file from IBM. We have notified IBM of this issue at every OS release. As you can see from this ".mc" file from AIX 5.2, IBM has intentionally turned on the "promiscuous_relay", "accept_unresolvable_domains" and "accept_unqualified_senders" features. All of these are SPAM-friendly. # Sample AIX file divert(0)dnl OSTYPE(aixsample)dnl FEATURE(genericstable)dnl FEATURE(mailertable)dnl FEATURE(virtusertable)dnl FEATURE(domaintable)dnl FEATURE(allmasquerade)dnl FEATURE(promiscuous_relay)dnl FEATURE(accept_unresolvable_domains)dnl FEATURE(accept_unqualified_senders)dnl FEATURE(no_default_msa) DOMAIN(generic)dnl MAILER(local)dnl MAILER(smtp)dnl MAILER(uucp) IV. SUMMARY After trying to work this through various support channels, we were finally told, by anonymous IBM support and developers, "very unofficially", that the only way to get this resolved would be to make this announcement. Tom E. Perrine <tep@SDSC.EDU> | San Diego Supercomputer Center http://www.sdsc.edu/~tep/ | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/> iQCVAwUBPsEiMRTSxpWcaAFRAQGubgP+PULT6GXYtDRvS+Qw6Sc0IJbEOq2gG4yz /9tMEzs692eYftt0SmC0y8tmPfe3pfG2xgad/hfnMJeEG4oTld+vElO1wKzPp3f5 oNCFKy3eaBiiRZgN3+SjXV2EjPUT+7W1dpeoCMxl0ESFPPokbAik1JOXZWvqsZQe kE08GUO2gME= =LCUX -----END PGP SIGNATURE-----
