North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: qmail smtp-auth bug allows open relay
John, Did you mean to post this on the qmail list per chance ? Dee On Mon, 2003-07-14 at 08:34, John Brown wrote: > seems that there are installs of the smtp-auth patch > to qmail that accept anything as a user name and password > and thus allow you to connect. > > http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2 > > is one URL that talks about this. > > There has been an increase is what appears to be qmail based > open-relays over the last 5 days. Each of these servers > pass the normal suite of open-relay tests. > > Spammers are scanning for SMTP-AUTH and STARTTLS based > mail servers that may be misconfigured. Then using them > to send out their trash. > > Some early docs on setting up qmail based smtp-auth systems > had the config infor incorrect. This leads to /usr/bin/true > being used as the password checker. :( > > >From an operational perspective, I suspect we will see more > SMTP scans > > The basic test (see URL above) should get incorporated into > various open-relay testing scripts. > > cheers > > john brown > chagres technologies, inc > >
|