On Wed, Jul 18, 2001 at 12:25:14PM -0700, Matt Simonsen wrote:
> I got these from Nessus ... a scan of email.careercast.com, running Qmail
> 1.03. I have to believe they are all non-issues because I saw several
> threads relating to the way Qmail handles pipes, but perhaps somebody out
> there can confirm them all as false alarms. The last ones are probably the
> ones that are the most worrisome out of all of them.
> 
> 
> From Nessus:
> 
> The remote SMTP server did not complain when issued the
> command :
> MAIL FROM: root@this_host
> RCPT TO: |testing

False positive.

> The remote SMTP server did not complain when issued the
> command :
> MAIL FROM: root@this_host
> RCPT TO: /tmp/nessus_test

False positive.

> The remote SMTP server did not complain when issued the
> command :
> MAIL FROM: |testing

False positive, and a repeat as well.

> There is a buffer overflow
> when this MTA is issued the 'HELO' command
> issued by a too long argument.

No there isn't.

> It was possible to perform
> a denial of service against the remote
> Interscan SMTP server by sending it a special long HELO command.

No it wasn't, and you aren't running Interscan.

> There seems to be a buffer overflow in the remote SMTP server
> when the server is issued a too long argument to the 'MAIL FROM'
> command, like :
> 
> MAIL FROM: AAA[...][EMAIL PROTECTED]
> 
> Where AAA[...]AAA contains more than 8000 'A's.

False positive. 

> There is a problem in NTMail3, which allows anyone to
> use it as a mail relay, provided that the source address is set to '<>'.
> This problem allows any spammer to use your mail server to spam the
> world, thus blacklisting your mailserver, and using your network
> resources.

I'm sure there is, but Qmail is not NTMail, is it?

Nothing to worry about -- but you should probably go talk to the author
of Nessus and point him to www.qmail.org and cr.yp.to.

-dsr-
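The three envelope probes quoted in the scan report, replayed as an added example (this is not part of the original mail, of Nessus or of qmail): a small Python client sends each MAIL FROM / RCPT TO pair, parses the multi-line SMTP replies and classifies the result. The point it makes is the one behind the "false positive" verdicts above: a 250 to a recipient shaped like a pipe or a file path only says the envelope was accepted at SMTP time, not that anything was executed or written. An MTA that checks local parts at delivery time rather than in the SMTP dialogue (qmail-smtpd does this; pipe deliveries in qmail come from .qmail files, not from the recipient address) answers 250 here and trips the check. The stand-in server, the HELO name probe.example and the verdict strings are constructed for this example so it runs offline.

```python
"""Replay the Nessus envelope probes quoted above and classify the SMTP replies.
Added example; not from the original mail, Nessus or qmail."""
import socket
import socketserver
import threading

# Probes transcribed from the scan report into RFC 821 angle-bracket form
# (constructed from the report text; rcpt_to is None where only MAIL FROM was sent).
PROBES = [
    ("MAIL FROM:<root@this_host>", "RCPT TO:<|testing>"),
    ("MAIL FROM:<root@this_host>", "RCPT TO:</tmp/nessus_test>"),
    ("MAIL FROM:<|testing>", None),
]


def read_reply(rfile):
    """Read one SMTP reply, swallowing 'NNN-' continuation lines; return the code."""
    while True:
        line = rfile.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        text = line.decode("ascii", "replace").rstrip("\r\n")
        if len(text) < 4 or text[3] != "-":      # final line of the reply
            return int(text[:3])


def smtp_probe(host, port, mail_from, rcpt_to=None, timeout=5.0):
    """One SMTP session: HELO, MAIL FROM, optional RCPT TO, QUIT.
    Returns (mail_code, rcpt_code); rcpt_code is None when no RCPT TO was sent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")

        def send(command):
            sock.sendall(command.encode("ascii") + b"\r\n")
            return read_reply(rfile)

        read_reply(rfile)                       # 220 banner
        send("HELO probe.example")              # hypothetical client name
        mail_code = send(mail_from)
        rcpt_code = send(rcpt_to) if rcpt_to else None
        send("QUIT")
        return mail_code, rcpt_code


def classify(mail_code, rcpt_code):
    """What a reply to an envelope probe does and does not establish."""
    codes = [c for c in (mail_code, rcpt_code) if c is not None]
    if any(500 <= c < 600 for c in codes):
        return "rejected at SMTP time"
    if all(200 <= c < 300 for c in codes):
        # The envelope was accepted; nothing here shows a pipe ran or a file was
        # written. Confirm (or refute) on the delivery side, not from this code.
        return "accepted at SMTP time; no evidence of execution"
    return "ambiguous reply"


def run_probes(host, port):
    """Replay every probe; returns [(mail_from, rcpt_to, mail_code, rcpt_code, verdict)]."""
    rows = []
    for mail_from, rcpt_to in PROBES:
        mail_code, rcpt_code = smtp_probe(host, port, mail_from, rcpt_to)
        rows.append((mail_from, rcpt_to, mail_code, rcpt_code, classify(mail_code, rcpt_code)))
    return rows


class PermissiveSMTPHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for an MTA that accepts any envelope at SMTP time and
    delivers nothing; it exists only so the example runs offline."""

    def handle(self):
        self.wfile.write(b"220-mta.example ESMTP\r\n220 ready\r\n")   # multi-line banner
        while True:
            line = self.rfile.readline()
            if not line:
                return
            verb = line.strip().split(b":")[0].split(b" ")[0].upper()
            if verb == b"QUIT":
                self.wfile.write(b"221 mta.example\r\n")
                return
            if verb in (b"HELO", b"MAIL", b"RCPT", b"RSET"):
                self.wfile.write(b"250 ok\r\n")
            else:
                self.wfile.write(b"500 unrecognized command\r\n")


def start_permissive_mta():
    """Start the stand-in MTA on an ephemeral loopback port; returns (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), PermissiveSMTPHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, port = start_permissive_mta()
    try:
        for row in run_probes("127.0.0.1", port):
            print(row)
    finally:
        srv.shutdown()
        srv.server_close()
```

Pointed at a real MTA instead of the stand-in, the same client reproduces what the scanner saw; the verdict string is deliberately "no evidence of execution" rather than "vulnerable", because settling the question means looking at what the MTA does with the message afterwards (its delivery log, a bounce, or the absence of /tmp/nessus_test), which no SMTP reply code can tell you.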
