It is not an issue. I don't remember if qmail will silently drop
these messages or return a bounce for them, but it most certainly will
not run any programs as root because of them.
----ScottG.
John Steniger <[EMAIL PROTECTED]> writes:
> Hello,
>
> Running a network test against my recent qmail installation, I get reports
> on the mailto programs hole, which allows users to telnet to port 25 and
> issue:
>
> MAIL FROM: root@this_host
> RCPT: <any program>
>
> This allows users to potentially execute any command with root authority.
> The warning came with the caveat that this may not be an issue, as some
> MTA's simply drop these messages silently.
>
> Does anyone know how qmail handles this? Is this an issue with qmail, or is
> qmail one of the exceptions?
>
> Thanks.
