Re: orbs.org accuses qmail of mailbomb relaying!

[Brian Johnson]

On Fri, Jul 21, 2000 at 09:18:42AM -0400, Greg Owen wrote:
> > sounds like you used the patch that controls relaying by the 
> > from address??
> 
>       No, ORBS is talking about a different thing.
> 
>       If I want to mailbomb foo.com, and bar.com is running qmail, then I
> can connect to bar.com's mail and say:
> 
> mail from: <[EMAIL PROTECTED]>   (not me, my victim)
> rcpt to: <[EMAIL PROTECTED]>          (presumed not to exist, will bounce)
> rcpt to: <[EMAIL PROTECTED]>          (same)
> ...                           (and so on)
> rcpt to: <[EMAIL PROTECTED]>          (same)
> data
> Subject: ha ha ha
> 
> Enjoy this DOS
> .
> quit
> 
>       And qmail will send 26 individual bounce messages, one for each
> nonexistent recipient at bar.com, back to our victim at foo.com.
> 
>       I think ORBS is worrying too much, but that's just me.
---end quoted text---

oh, I get it..  I agree that they're probably worrying too much, but how should
qmail prevent this?  does sendmail handle it differently?
-- 
Brian Johnson <[EMAIL PROTECTED]>
---
In what language does 'open' mean 'execute the evil contents of a document?
      --Les Mikesell