Hello Derrick, Monday, September 15, 2003, 10:57:57 AM, you wrote:
D> I think I figured it out. The qmail-smtpd.c patch for SMTP AUTH had an D> exploit. It did require authentications, but it didn't care what D> credentials you threw at it, so long as you sent something. Yes, there are/were a few SMTP auth patches put up by people who did not fully give the correct instructions on how to install with regards to the smtpd run file. qmail by itself has never had a security breach. Chances are you have a misconfigured qmail-smtpd run file, which some of these sites for patches have put up erroneously, causing this error. an explanation and fix is in the thread of http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2 Or, you can do the following: If you have the current source code and the patch you applied, you should be able to use "patch -R" to apply the patch in reverse, which will essentially remove it from qmail. If you don't know what qmail patches you have, it's probably best to re-install from scratch, so in the future you know how your system is configured. It just takes a few minutes to install from source. D> On that note, does anyone know of a way to get SMTP AUTH working with D> qmail without being an accidental relay? See above link for probable fix, or Yes, install qmail from source, run make setup check, and pick a good auth patch from lifewithqmail.org A good one is http://members.elysium.pl/brush/qmail-smtpd-auth/index.html -- Best regards, Gary _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"