Hello,
Running a network test against my recent qmail installation, I get reports
on the mailto programs hole, which allows users to telnet to port 25 and
issue:
MAIL FROM: root@this_host
RCPT: <any program>
This allows users to potentially execute any command with root authority.
The warning came with the caveat that this may not be an issue, as some
MTA's simply drop these messages silently.
Does anyone know how qmail handles this? Is this an issue with qmail, or is
qmail one of the exceptions?
Thanks.
