Hello, I've been using qmail flawlessly for a few years now, and I just
discovered something very annoying:
If somebody uses a wrong local user during an SMTP connection to qmail,
qmail won't say a "550 unknown user" but will later send a mail back to the
sender. This is very annoying because anybody can use my smtp server to do
mailbombing to somebody else like:
$ telnet localhost smtp
220 mail.nobis-crew.org ESMTP
HELO evil.spammer.com
250 mail.nobis-crew.org
MAIL FROM: I Hate You <[EMAIL PROTECTED]>
250 ok
RCPT TO: unknown <[EMAIL PROTECTED]>
250 ok
DATA
354 go ahead
Evil Spam
.
250 ok 999122357 qp 3682
And doing so many times will cause the poor [EMAIL PROTECTED] to be mail
bombed with
"Hi. This is the qmail-send program at ...."
and I'll naturally get flamed by this poor guy since I'd allow this to
happen.
I'm aware that if my qmail is doing relaying, it's impossible to be
stopped, since it's the drawback of the relaying, but this is about local
mails.
Is there an issue about this?
Thanks,
-- Nicolas Noble
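
The behaviour described in the message above, as an added example that is not part of the original post and is not qmail code: a toy receiver model in Python comparing accept-then-bounce with rejection at RCPT time. The addresses, the `LOCAL_USERS` table and the reply texts other than "550 unknown user" are constructed assumptions.

```python
# Toy model of an SMTP receiver (added illustration, not qmail code).
# All addresses and the user table below are constructed sample data.
LOCAL_DOMAIN = "example.org"
LOCAL_USERS = {"alice", "postmaster"}  # hypothetical mailbox list


def addr(arg):
    """Return the address between < and > in a MAIL FROM / RCPT TO argument."""
    return arg[arg.index("<") + 1:arg.index(">")].strip().lower()


def run_session(lines, validate_at_rcpt):
    """Process SMTP command lines; return (replies, bounce_targets).

    validate_at_rcpt=False models accept-then-bounce: any local address gets
    "250 ok" and unknown users are only discovered at delivery time.
    validate_at_rcpt=True models rejecting unknown users in the SMTP dialogue.
    """
    replies, bounces = [], []
    sender, rcpts = None, []
    for line in lines:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            sender, rcpts = addr(arg), []
            replies.append("250 ok")
        elif verb == "RCPT TO":
            user, _, domain = addr(arg).rpartition("@")
            if domain != LOCAL_DOMAIN:
                replies.append("553 not a local domain")
            elif validate_at_rcpt and user not in LOCAL_USERS:
                replies.append("550 unknown user")  # refused, nothing queued
            else:
                rcpts.append(user)
                replies.append("250 ok")
        elif verb == "DATA":
            if not rcpts:
                replies.append("503 RCPT first")
                continue
            replies.append("250 ok queued")
            # Delivery happens after the connection: each unknown mailbox
            # produces a bounce to the unverified envelope sender.
            bounces += [sender for u in rcpts if u not in LOCAL_USERS]
    return replies, bounces


SESSION = [  # constructed session with a forged envelope sender
    "MAIL FROM: <forged-victim@example.net>",
    "RCPT TO: <nosuchuser@example.org>",
    "DATA",
]
```

With `validate_at_rcpt=False` the session yields one bounce addressed to `forged-victim@example.net`; with `True` it yields none, and the connecting client sees the 550 directly.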