Re: qmail smtp-auth bug allows open relay

From: Frank Knobbe (fknobbeat_private)
Date: Wed Jul 16 2003 - 10:16:14 PDT

Next message: Dowling, Gabrielle: "RE: Patched IIS/frontpage host compromised 7-1-2003"

Previous message: Jeff Bollinger: "Re: Patched IIS/frontpage host compromised 7-1-2003"
In reply to: Roberto Cardona: "Re: qmail smtp-auth bug allows open relay"
Next in thread: David A. Ulevitch: "Re: qmail smtp-auth bug allows open relay"
Reply: David A. Ulevitch: "Re: qmail smtp-auth bug allows open relay"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2003-07-15 at 18:14, Roberto Cardona wrote:
> Is the patch needed if the implementation of the auth module is correct? I
> checked and my conf files for qmail are setup correctly so I wonder if
> it's worth applying the patch. Thank you.

From what I understand, the patch just ensures that the system is not
vulnerable if you accidentally do not set it up correctly. I haven't
looked at the code, but according to the description, it checks for the
presence of all three command line arguments, and refuses to relay if
one is missing.

In other words, it's not a patch per se (i.e. to get rid of a bug), but
an added safety precaution. If you are confident, that you won't
misconfigure it by mistake, you don't need to apply the patch. Your
risk, your choice.

Regards,
Frank

application/pgp-signature attachment: This is a digitally signed message part

Next message: Dowling, Gabrielle: "RE: Patched IIS/frontpage host compromised 7-1-2003"
Previous message: Jeff Bollinger: "Re: Patched IIS/frontpage host compromised 7-1-2003"
In reply to: Roberto Cardona: "Re: qmail smtp-auth bug allows open relay"
Next in thread: David A. Ulevitch: "Re: qmail smtp-auth bug allows open relay"
Reply: David A. Ulevitch: "Re: qmail smtp-auth bug allows open relay"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 15:36:23 PDT