qmail smtp-auth bug allows open relay

• Previous message (by thread): qmail smtp-auth bug allows open relay
• Next message (by thread): qmail smtp-auth bug allows open relay
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

John,

Did you mean to post this on the qmail list per chance ?

Dee

On Mon, 2003-07-14 at 08:34, John Brown wrote:
> seems that there are installs of the smtp-auth patch
> to qmail that accept anything as a user name and password
> and thus allow you to connect.
> 
> http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2
> 
> is one URL that talks about this.
> 
> There has been an increase is what appears to be qmail based
> open-relays over the last 5 days.  Each of these servers
> pass the normal suite of open-relay tests.
> 
> Spammers are scanning for SMTP-AUTH and STARTTLS based 
> mail servers that may be misconfigured. Then using them
> to send out their trash.
> 
> Some early docs on setting up qmail based smtp-auth systems
> had the config infor incorrect.  This leads to /usr/bin/true
> being used as the password checker. :(
> 
> >From an operational perspective, I suspect we will see more
> SMTP scans
> 
> The basic test (see URL above) should get incorporated into
> various open-relay testing scripts.
> 
> cheers
> 
> john brown
> chagres technologies, inc
> 
> 

• Previous message (by thread): qmail smtp-auth bug allows open relay
• Next message (by thread): qmail smtp-auth bug allows open relay
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]