On Fri, Jan 26, 2001 at 09:16:54AM -0800, [EMAIL PROTECTED] wrote:
> On Thu, 25 Jan 2001, Markus Stumpf wrote:
>
> > If AOL or hotmail would decide to change their MX records to your mailserver
> > this will for sure also cause you problems.
>
> Actually, Qmail works fine as an incoming MX for H
"D. J. Bernstein" <[EMAIL PROTECTED]> writes:
> Patrick Bihan-Faou writes:
> > If you don't count that as a bug in qmail, then I don't know what is a
> > bug...
>
> In fact, it's not a bug; it's a portability problem. If you were using
> OpenBSD, you'd see outgoing connections to 0.0.0.0 rejecte
Markus Stumpf <[EMAIL PROTECTED]> writes:
> On Thu, Jan 25, 2001 at 06:32:47PM -0500, Scott Gifford wrote:
> > Markus Stumpf <[EMAIL PROTECTED]> writes:
> > > If AOL or hotmail would decide to change their MX records to your mailserver
> > > this will for sure also cause you problems.
> >
> > No
On Thu, Jan 25, 2001 at 10:18:11PM -, D. J. Bernstein wrote:
> Patrick Bihan-Faou writes:
> > If you don't count that as a bug in qmail, then I don't know what is a
> > bug...
>
> In fact, it's not a bug; it's a portability problem. If you were using
> OpenBSD, you'd see outgoing connections
Pavel Kankovsky <[EMAIL PROTECTED]> wrote:
> Now, how old qmail 1.03 is? CHANGES in qmail-1.03.tar.gz say it was
> released on June 15 1998. Hmm...this predates the change in question
> (January 11 1999), doesn't it?
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_usrreq.c
Revision
On Thu, Jan 25, 2001 at 06:32:47PM -0500, Scott Gifford wrote:
> Markus Stumpf <[EMAIL PROTECTED]> writes:
> > If AOL or hotmail would decide to change their MX records to your mailserver
> > this will for sure also cause you problems.
>
> No it won't. qmail will give an error that the MX record
Hi Mark,
> Patrick. If you're that bitter about people accurately explaining to
> you that a bug is not necessarily the same as a security exploit, [...]
Well I guess I disagree on the meaning of a security problem. If you can use
this trick to create a DOS attack on a system, to me that would
Markus Stumpf <[EMAIL PROTECTED]> writes:
> On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
> > Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
> > exploit. It is a bug.
>
> If AOL or hotmail would decide to change their MX records to your mailserv
> >>Read Bruce Schneier's comment on these type of contests in his latest
> book...<<
>
> Name of book, please.
"Secrets and Lies" if my memory serves me right.
> >>Well my answer to this is "don't use qmail"<<
>
> So, what do you recommend?
>
I am not recommending anything, choose a solution
Among other thins, Patrick Bihan-Faou said:
>>Read Bruce Schneier's comment on these type of contests in his latest
book...<<
Name of book, please.
>>Well my answer to this is "don't use qmail"<<
So, what do you recommend?
Patrick.
Patrick Bihan-Faou writes:
> If you don't count that as a bug in qmail, then I don't know what is a
> bug...
In fact, it's not a bug; it's a portability problem. If you were using
OpenBSD, you'd see outgoing connections to 0.0.0.0 rejected with EINVAL.
---Dan
Patrick Bihan-Faou <[EMAIL PROTECTED]> wrote:
>
> Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
> exploit. It is a bug.
>
>
>
> I like these rules that say "yeah we are setting up a challenge, but there
> is no way that you could ever win it"...
The only reason i
> Well failure to recognize that 0.0.0.0 is yourself is not
> quite DNS related exploit. It is a bug.
I'll buy that, but it isn't a security hole. You did note the word
"security" between "qmail" and "challenge," yes? Its in the titlebar, the
large words at the top of the page, and th
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
> So saying "it does not fit our challenge because you need to use DNS to
> perform the attack" is like saying "well qmail is perfectly safe if you
> don't use it in the real world"... Good PR move guys, and a cheap one too!
>
>
begone, troll.
Patrick Bihan-Faou writes:
>> On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
>> > Well I guess that this one is definitely elligible for the
>> "qmail security
>> > challenge".
>> > http://web.infoave.net/~dsill/qmail-challenge.html
>> > If you don't count
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
> Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
> exploit. It is a bug.
If AOL or hotmail would decide to change their MX records to your mailserver
this will for sure also cause you problems.
But n
Oh and for the fact that the challenge is closed. I mean cool more money to
FSF.
But still my comment is more on "what constitute a problem with qmail". I
don't really care for the challenge itself, but more on the attitude of
saying "this is not a qmail issue, but something else's fault".
Pat
> On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
> > Well I guess that this one is definitely elligible for the
> "qmail security
> > challenge".
> > http://web.infoave.net/~dsill/qmail-challenge.html
> > If you don't count that as a bug in qmail, then I don't know what is a
>
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
>
>
> Well I guess that this one is definitely elligible for the "qmail security
> challenge".
>
> http://web.infoave.net/~dsill/qmail-challenge.html
>
> If you don't count that as a bug in qmail, then I don't know what is a
>
??
definitely not eligible. where's the exploit?
Patrick Bihan-Faou writes:
>
>
> Well I guess that this one is definitely elligible for the "qmail security
> challenge".
>
>
>
>
> If you don't count that as a bug in qmail, then I don't know what is a
> bug...
>
>
>
> Patrick.
"Patrick Bihan-Faou" <[EMAIL PROTECTED]> wrote:
>Well I guess that this one is definitely elligible for the "qmail security
>challenge".
>
>http://web.infoave.net/~dsill/qmail-challenge.html
>
>
>If you don't count that as a bug in qmail, then I don't know what is a
>bug...
Sure, it's a bug. Dan
> Well I guess that this one is definitely elligible for the
> "qmail security challenge".
>
> http://web.infoave.net/~dsill/qmail-challenge.html
I don't think so. The challenge says:
"Bugs that qualify for the prize, subject to the other conditions
outlined in these rules, must be
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
> Well I guess that this one is definitely elligible for the "qmail security
> challenge".
> http://web.infoave.net/~dsill/qmail-challenge.html
> If you don't count that as a bug in qmail, then I don't know what is a
> bug...
You
Well I guess that this one is definitely elligible for the "qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug in qmail, then I don't know what is a
bug...
Patrick.
"Scott Gifford" <[EMAIL PROTECTED]> wrote in message
news:<[E
Matt Brown <[EMAIL PROTECTED]> writes:
> This has been a feature of recent spam, which is probably why it's now
> an issue. Several spam senders are now having sender addresses of
> @, where resolves via DNS to
> '0.0.0.0'.
>
> Eventually qmail rejects the message because it recognises that it
Matt Brown <[EMAIL PROTECTED]> wrote:
>This has been a feature of recent spam, which is probably why it's now
>an issue. Several spam senders are now having sender addresses of
>@, where resolves via DNS to
>'0.0.0.0'.
>
>Eventually qmail rejects the message because it recognises that it's
>loo
Scott Gifford <[EMAIL PROTECTED]> writes:
> Keary Suska <[EMAIL PROTECTED]> writes:
>
> > This would definitely be a bug of concern--even sendmail (yoiks!) knows how
> > to handle 0.0.0.0. But shouldn't qmail bounce the message as a possible MX
> > loop?
>
> It should, but does not. Putting
Keary Suska <[EMAIL PROTECTED]> writes:
> This would definitely be a bug of concern--even sendmail (yoiks!) knows how
> to handle 0.0.0.0. But shouldn't qmail bounce the message as a possible MX
> loop?
It should, but does not. Putting it into ipme would cause it to.
See my original post t
Scott Gifford <[EMAIL PROTECTED]> writes:
> We received an influx of mail today addressed to (probably bogus)
> users at the domain 'groupprojects.net'. This domain has the
> following MX record:
>
> groupprojects.net preference = 0, mail exchanger = 0.0.0.0
>
> When we received the
Charles Cazabon <[EMAIL PROTECTED]> wrote:
>
> Change your rule to:
> 126.:allow,RELAYCLIENT="@localrelay"
127., of course. Typo.
Charles
--
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed soft
Scott Gifford <[EMAIL PROTECTED]> wrote:
[...]
> 127. is allowed to relay on my system, the message was accepted. Then
> qmail would immediately begin delivering the message to itself again.
> Wash, rinse, repeat.
>
> I stopped this from happening by denying connections from 127. in my
> TCP ru
31 matches
Mail list logo
