=========================================================================== SCO Security Bulletin 00.12 20th April 2000 MMDF configuration for SMTP anti-relay --------------------------------------------------------------------------- I. Description MMDF configuration on SCO OpenServer 5.0.X does not have SMTP anti-relay enabled by default. II. Impact It is a common tactic among spammers to use other machines as an SMTP relay to make their mail appear as if does not come from their site. Without anti-relay enabled, you are open to abuse by spammers who wish to use your machine as an intermediate hop in delivery of email, and may eventually mark you as a spam-producing site whose email will be refused by others. III. Releases This bulletin addresses the solution for MMDF on OpenServer 5.0.X. IV. Solution The solution for configuring MMDF to disable mail relay may be found in Technical Article: http://www.sco.com/cgi-bin/ssl_reference?104596 entitled "How to configure MMDF to control mail routing on a per-host basis". Contained within the TA are instructions for configuring MMDF to apply authorization on outgoing mail, allowing you to block outgoing mail except for those originating from a specified list of trusted hosts. V. Updates The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)