[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I have recently been thrown into the qmail administrators position. I have
> spent the last three weeks reading "LWQ" along with anything else I can
> locate. I still do not know a lot, but I'm learning.
Welcome; doing your homework is definitely the right way to get started.
> We have a Cisco Intrusion Detection System (IDS) that continuously reports
> qmail length crash events.
As others have noted, it's likely a false positive. Does your IDS
specifically identify this as a qmail problem, or just a generic
smtpd/MTA problem? qmail has no buffer overflow problems in its smtpd,
and the recommended install uses softlimit/ulimit to limit the amount of
memory that qmail-smtpd can take up during message injection.
If Cisco is claiming a particular qmail vulnerability, they've bought
into some incorrect slander about qmail, and should be corrected.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
