Re: Security Hole in 0.40 default plugin configuration

2008-02-19 Thread Guy Hulbert
On Tue, 2008-02-19 at 11:48 +, Richard Smith wrote:
> I notice that the default plugin config file shipped with 0.40 contains
> the lines
>
> auth/auth_flat_file
> auth/authnull
> auth/authdeny
>
> Given that authnull allows anything to connect as authenticated this
> allows anything to use

Security Hole in 0.40 default plugin configuration

2008-02-19 Thread Richard Smith
I notice that the default plugin config file shipped with 0.40 contains the lines

auth/auth_flat_file
auth/authnull
auth/authdeny

Given that authnull allows anything to connect as authenticated this allows anything to use such an SMTP server as an open relay.

Rick