This came across on the Dovecot list recently: http://marc.info/?l=postfix-users&m=129952854117623&w=2
Eric B on the QMT list has done some testing, and it appears that both spamdyke and qmail-smtpd presently contain this flaw. Sam, will you have a look into this? The link explains the situation in good detail. While I wouldn't call this a severe bug, it is a real vulnerability none the less. Also, I'm not familiar at all with the qmail-smtpd code. QMT presently uses these TLS patches: http://erresea.arda.homeunix.net/store/qmail/ http://inoa.net/qmail-tls/ Do you have any words of wisdom regarding these patches? I hope that someone in the QMT community (myself, if nobody else steps up) can get this code fixed as well. Thanks Sam, for all you do. -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users