On Tue, Apr 27, 1999 at 01:27:42PM +0000, Petr Novotny wrote:
> > Harald,
> >
> > here's my invocation. what's wrong with it? 301 being the uid of
> > qmaild.
> >
> > usr/local/bin/tcpserver -c 400 -x /etc/tcp.smtp.cdb -v -u 301 -g
> > nofiles 0 smtp \ /var/qmail/bin/qmail-smtpd \
> > 2>&1 | /var/qmail/bin/splogger smtpd 3 &
> >
> > -------
> >
> > this is a copy of the headers of a mail i got from hotmail. is my
> > invocation a possible security risk?
> >
> > Received: (qmail 3966 invoked from network); 27 Apr 1999 10:59:36
> > -0000 Received: from law-f71.hotmail.com (HELO hotmail.com)
> > (209.185.131.134)
> > by 203.176.16.120 with SMTP; 27 Apr 1999 10:59:36 -0000
> > Received: (qmail 26509 invoked by uid 0); 27 Apr 1999 10:57:35 -0000
> > Message-ID: <[EMAIL PROTECTED]> Received: from
> > 208.169.158.225 by www.hotmail.com with HTTP;
> > Tue, 27 Apr 1999 03:57:35 PDT
>
> It has nothing to do with invocation; in fact, qmail-smtpd always
> writes "invoked from network". UID is taken when qmail-inject (or
> qmail-queue?) is run.
Ofcourse this is qmail-queue, since qmail-inject doesn't touch queue files.
qmail-queue is the only suid app in qmail, to do safe queue injection while
reporting who did it.
> On top of that, this message says that _hotmail.com_ is injecting
> messages as root.
Correct.
Greetz, Peter.
