> -----Original Message----- > From: Remo Mattei [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 19, 2005 5:21 PM > To: vchkpw@inter7.com > Subject: Re: [vchkpw] (Urgent) qmail-smtpd Bug !!!!!!!!! > > Dude this is normal behavior.
No I don't think so, It is a big security issue. > ----- Original Message ----- > From: "Samir Noshy" <[EMAIL PROTECTED]> > To: "Qmail List" <qmail@list.cr.yp.to>; "[EMAIL PROTECTED] Com" > <vchkpw@inter7.com> > Sent: Tuesday, April 19, 2005 9:24 AM > Subject: [vchkpw] (Urgent) qmail-smtpd Bug !!!!!!!!! > > > > Hi Everybody, > > > > I have a system consists of qmail 1.03 and vpopmail-5.4.9 and > > courier-imap-4.0.2 and SM and QS. > > > > I think that there is a bug in the qmail-smtpd. > > > > the bug that I can send mail as/from a local account to any > other local > > account Although I use SMTP auth provided by : > > http://www.fehcom.de/qmail/smtpauth.html. > > > > smtpd and SMTP Auth. must prevent anyone to Impersonate > and send mail > > from > > an Local Account other than his Local Account to any other > Local account. > > > > Imagine that I host the two domains: companyXX.com and > companyYY.com for > > example. > > > > So , an any person who did not belong to companyXX.com can > Impersonate as > > [EMAIL PROTECTED] and send a formal email - w/o authenticating of > > course - > > to [EMAIL PROTECTED] or [EMAIL PROTECTED] > > > > I want to do that to prevent any other third party - or > even any local > > account users- to Impersonate and send mail from an other > Local Account to > > any other Local account. > > > > By the way; My /var/qmail/supervise/qmail-smtpd/run as follow : > > > > > > > > #!/bin/sh > > > > # when QMAILQUEUE is set, all mail will be sent to the > nominated script > > QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE > > > > QMAILDUID=`id -u vpopmail` > > > > QMAILDGID=`id -g vchkpw` > > > > exec /usr/local/bin/softlimit -m 15000000 \ > /usr/local/bin/tcpserver \ > > > > -v -x /etc/tcp.smtp.cdb \ > > > > -c 20 -R -u "$QMAILDUID" -g "$QMAILDGID" 0 smtp \ > > /usr/local/bin/rblsmtpd -b > > -C \ > > > > -r 'relays.ordb.org:Your message was rejected because the > mail server you > > use is configured to allow OPEN RELAY - More detailed information > > regarding > > this problem is available from http://www.ordb.org/lookup/?host=%IP% > > <http://www.ordb.org/lookup/?host=%IP%> - Please forward > this error > > through > > to your email server support staff for easy resolution.' \ > > > > -r 'list.dsbl.org:Your message was rejected because the > message was sent > > from a server listed in DSBL - More information regarding > this problem is > > available at http://dsbl.org/listing?%IP% > > http://dsbl.org/listing?%IP%> - > > Please forward this error to your email server support staff for > > resolution.' \ > > > > -r 'sbl-xbl.spamhaus.org:Your message was rejected because > the message was > > sent from a server listed in the Spamhaus RBL - More > information regarding > > this problems is available at > http://www.spamhaus.org/query/bl?ip=%IP% > > <http://www.spamhaus.org/query/bl?ip=%IP%> - Please > forward this error to > > your email server support staff for resolution.' \ > > > > /var/qmail/bin/qmail-smtpd \ > > > > /home/vpopmail/bin/vchkpw /bin/true 2>&1 > > > > > > > > Can anyone help me to work around this problem ???? > > > > > > Best Regards. > > > > Samir Noshy > > > > > > >
