Ian Lance Taylor <[EMAIL PROTECTED]> writes:
> Obviously there isn't anything wrong with qmail. And obviously these
> bug reports are highly misleading in implying that there is a bug
> which needs to be fixed in qmail. But I do think that the bug reports
> have a point: if you install qmail-1.03 according to a reasonable
> reading of the instructions which come with the tar file, your system
> may be vulnerable to a theoretical denial of service attack. The fact
> that other people tell you to install qmail in a different way is
> interesting, but does not change the fact that qmail-1.03 comes with
> installation instructions which at least some people will naturally
> follow. I certainly did in my first qmail installation.
Even if you *do* use softlimit to block that *particular* issue, you
are *still* subject to various theoretical DOS attacks. *Any* server
is subject to theoretical DOS attacks.
--
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/
