nanog mailing list archives
Re: qmail smtp-auth bug allows open relay
From: "W.D. McKinney" <dee () akwireless net>
Date: 14 Jul 2003 20:45:44 -0800
John, Did you mean to post this on the qmail list per chance ? Dee On Mon, 2003-07-14 at 08:34, John Brown wrote:
seems that there are installs of the smtp-auth patch to qmail that accept anything as a user name and password and thus allow you to connect. http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2 is one URL that talks about this. There has been an increase is what appears to be qmail based open-relays over the last 5 days. Each of these servers pass the normal suite of open-relay tests. Spammers are scanning for SMTP-AUTH and STARTTLS based mail servers that may be misconfigured. Then using them to send out their trash. Some early docs on setting up qmail based smtp-auth systems had the config infor incorrect. This leads to /usr/bin/true being used as the password checker. :(From an operational perspective, I suspect we will see moreSMTP scans The basic test (see URL above) should get incorporated into various open-relay testing scripts. cheers john brown chagres technologies, inc
Current thread:
- qmail smtp-auth bug allows open relay John Brown (Jul 14)
- Re: qmail smtp-auth bug allows open relay W.D. McKinney (Jul 14)
- Re: qmail smtp-auth bug allows open relay Valdis . Kletnieks (Jul 14)
- Re: qmail smtp-auth bug allows open relay John Brown (Jul 15)
- Re: qmail smtp-auth bug allows open relay John Brown (Jul 15)
- Re: qmail smtp-auth bug allows open relay Margie Arbon (Jul 15)
- Re: qmail smtp-auth bug allows open relay Jack Bates (Jul 16)
- Re: qmail smtp-auth bug allows open relay Valdis . Kletnieks (Jul 14)
- Re: qmail smtp-auth bug allows open relay W.D. McKinney (Jul 14)
- Re: qmail smtp-auth bug allows open relay Stephen Sprunk (Jul 19)