Heads up to all qmail users out there... ----- Forwarded message from John Brown -----
Date: Mon, 14 Jul 2003 10:34:00 -0600 From: John Brown <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: qmail smtp-auth bug allows open relay seems that there are installs of the smtp-auth patch to qmail that accept anything as a user name and password and thus allow you to connect. http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2 is one URL that talks about this. There has been an increase is what appears to be qmail based open-relays over the last 5 days. Each of these servers pass the normal suite of open-relay tests. Spammers are scanning for SMTP-AUTH and STARTTLS based mail servers that may be misconfigured. Then using them to send out their trash. Some early docs on setting up qmail based smtp-auth systems had the config infor incorrect. This leads to /usr/bin/true being used as the password checker. :( >From an operational perspective, I suspect we will see more SMTP scans The basic test (see URL above) should get incorporated into various open-relay testing scripts. cheers john brown chagres technologies, inc ----- End forwarded message ----- -- "All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident." - Arthur Schopenhauer (1788-1860) ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
