[59789] in North American Network Operators' Group
Re: qmail smtp-auth bug allows open relay
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Sat Jul 19 18:58:02 2003
From: "Stephen Sprunk" <stephen@sprunk.org>
To: "John Brown" <jmbrown@chagresventures.com>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Sat, 19 Jul 2003 17:46:59 -0500
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake "John Brown" <jmbrown@chagresventures.com>
> seems that there are installs of the smtp-auth patch
> to qmail that accept anything as a user name and password
> and thus allow you to connect.
>
> http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2
>
> is one URL that talks about this.
> ...
> Some early docs on setting up qmail based smtp-auth systems
> had the config infor incorrect. This leads to /usr/bin/true
> being used as the password checker. :(
That isn't a bug; it's a documentation problem and/or incompetent admin,
depending on how generous you're feeling.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
