On Wed, Apr 08, 2020, Kevin Chadwick wrote: > OpenSMTPD does not listen to the internet, by default and even if you do set > it
From: Qualys Security Advisory <q...@qualys.com> To: oss-secur...@lists.openwall.com Message-ID: <20200224184538.GF17396@localhost.localdomain> - Client-side exploitation: This vulnerability is remotely exploitable in OpenSMTPD's (and hence OpenBSD's) default configuration. Although ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Is it hard to write a secure mail server, sure. Look at exims bugs. [Is that like saying: "Is it hard to write a secure OS, sure. Look at Linux bugs."? ] How about qmail (or postfix)? (and some other barely known MTA) -- Address is valid for this mailing list only, please do not reply to it direcly, but to the list.
