[59635] in North American Network Operators' Group
Re: qmail smtp-auth bug allows open relay
daemon@ATHENA.MIT.EDU (Margie Arbon)
Tue Jul 15 22:29:21 2003
Date: Tue, 15 Jul 2003 19:29:09 -0700
From: Margie Arbon <margie@mail-abuse.org>
Reply-To: Margie Arbon <margie@mail-abuse.org>
To: nanog@merit.edu
In-Reply-To: <20030715201709.A48307@jedi.staff.chagres.net>
Errors-To: owner-nanog-outgoing@merit.edu
--On Tuesday, July 15, 2003 8:17 PM -0600 John Brown
<jmbrown@chagresventures.com> wrote:
>
> Nope, I thought it might be operational in nature. ergo
> spammers and others now scanning for qmail-smtp-auth patch
> users and using those weak sites as a relay.
>
I think this *is* operational in nature. FYI, we have found this
hack actively being used on seemingly secure qmail, exchange, IMail,
postfix servers run by admins with clue. And we have a pattern of the
same content and an apparent small set of source IPs. (I'm working
on that angle now)
Check your mail logs campers.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=
Margie Arbon Mail Abuse Prevention System, LLC
margie@mail-abuse.org http://mail-abuse.org
