On 3/8/2011 10:43 AM, Eric Shubert wrote:
> On 03/07/2011 11:24 PM, Eric Broch wrote:
>>   On 3/7/2011 3:09 PM, Eric Shubert wrote:
>>> Would someone like to test to see if QMT's implementation of SMTP/TLS
>>> is susceptible to this flaw?
>>> http://marc.info/?l=postfix-users&m=129952854117623&w=2
>>>
>>> This has been discussed on the dovecot list recently, and Timo reports
>>> that dovecot does not have this problem.
>>>
>>
>> Eric S,
>>
>> Here's the output. It may not look good.
>>
>> [root@poweredgeT1052 apps]# ./openssl s_client -quiet -starttls smtp
>> -connect localhost:25
>> 250 AUTH LOGIN PLAIN CRAM-MD5
>> 250 flushed
>>
>> Eric B.
>>
>>
>> ---------------------------------------------------------------------------------
>>
>
> EricB has done some further testing as well, and it appears that
> both spamdyke and qmail-smtpd suffer from this ailment.
>
> Is there anyone here with any C savvy? If you do and you'd like to
> have a stab at this, please chime in.
>
> I'm going to post this on the spamdyke list, and see what Sam has to
> say about it. I expect he'll be getting it fixed fairly quickly.
>
I also tried another 'trick' to test this issue. I opened two putty
sessions to my server. In one session I merely opened a file (vi test)
and typed STARTTLS on the first line, hit enter (\r\n), then typed RSET
and hit enter (\r\n) again. I copied this file's contents into the
buffer (highlight and mouse left click) in the manner of 'Putty' (I used
notepad to create this entry also). In the second session I entered
'telnet localhost 25'  at the prompt and after receiving the server
welcome pasted my buffer from the first session (or notepad) into the
second putty session's smtp conversation. Here's the output:

[root@poweredgeT105 ~]# telnet mail.whitehorsetc.com 25
Trying 192.168.9.2...
Connected to mail.whitehorsetc.com (192.168.9.2).
Escape character is '^]'.
220 poweredgeT105.whitehorsetc.com - Welcome to Qmail Toaster Ver. 1.3
SMTP Server ESMTP
STARTTLS
RSET
220 Proceed.

If anyone sees flaws in this procedure, let me know.


