Devdas Bhagat <[EMAIL PROTECTED]> writes:
> On 14/07/02 15:18 +0800, Suresh Ramasubramanian wrote:
>> > 2. The header carries the line
>> > Received: (qmail nnnnn invoked by uid nnn) date, etc
>> > I think this line gives away a user's uid. Very certainly
>>
>> So?
> Postfix does not put an authenticated sender name in the headers so that
> brute force attacks on user passwords are hampered.
> Letting a userid out is equivalent to allowing a possible login out.
Well yea, that's a little more security by obscurity at work, but all
qmail is doing is giving you the uid calling the qmail process. Without
actual access to that system, it is meaningless, just a number.
And brute force attacks are brute force attacks.. nobody stops people
from dictionary-attacking your server for logins.
-srs
--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
