On Fri, Jan 26, 2001 at 09:16:54AM -0800, [EMAIL PROTECTED] wrote:
On Thu, 25 Jan 2001, Markus Stumpf wrote:
If AOL or hotmail would decide to change their MX records to your mailserver
this will for sure also cause you problems.
Actually, Qmail works fine as an incoming MX for
On Thu, Jan 25, 2001 at 10:18:11PM -, D. J. Bernstein wrote:
Patrick Bihan-Faou writes:
If you don't count that as a bug in qmail, then I don't know what is a
bug...
In fact, it's not a bug; it's a portability problem. If you were using
OpenBSD, you'd see outgoing connections to
Markus Stumpf [EMAIL PROTECTED] writes:
On Thu, Jan 25, 2001 at 06:32:47PM -0500, Scott Gifford wrote:
Markus Stumpf [EMAIL PROTECTED] writes:
If AOL or hotmail would decide to change their MX records to your mailserver
this will for sure also cause you problems.
No it won't.
"D. J. Bernstein" [EMAIL PROTECTED] writes:
Patrick Bihan-Faou writes:
If you don't count that as a bug in qmail, then I don't know what is a
bug...
In fact, it's not a bug; it's a portability problem. If you were using
OpenBSD, you'd see outgoing connections to 0.0.0.0 rejected with
Well I guess that this one is definitely elligible for the "qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug in qmail, then I don't know what is a
bug...
Patrick.
"Scott Gifford" [EMAIL PROTECTED] wrote in message
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
Well I guess that this one is definitely elligible for the "qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug in qmail, then I don't know what is a
bug...
You
Well I guess that this one is definitely elligible for the
"qmail security challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
I don't think so. The challenge says:
"Bugs that qualify for the prize, subject to the other conditions
outlined in these rules, must be one
"Patrick Bihan-Faou" [EMAIL PROTECTED] wrote:
Well I guess that this one is definitely elligible for the "qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug in qmail, then I don't know what is a
bug...
Sure, it's a bug. Dan didn't
??
definitely not eligible. where's the exploit?
Patrick Bihan-Faou writes:
Well I guess that this one is definitely elligible for the "qmail security
challenge".
If you don't count that as a bug in qmail, then I don't know what is a
bug...
Patrick.
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
Well I guess that this one is definitely elligible for the "qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug in qmail, then I don't know what is a
bug...
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
Well I guess that this one is definitely elligible for the
"qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug in qmail, then I don't know what is a
bug...
Oh and for the fact that the challenge is closed. I mean cool more money to
FSF.
But still my comment is more on "what constitute a problem with qmail". I
don't really care for the challenge itself, but more on the attitude of
saying "this is not a qmail issue, but something else's fault".
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
exploit. It is a bug.
If AOL or hotmail would decide to change their MX records to your mailserver
this will for sure also cause you problems.
But
begone, troll.
Patrick Bihan-Faou writes:
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
Well I guess that this one is definitely elligible for the
"qmail security
challenge".
http://web.infoave.net/~dsill/qmail-challenge.html
If you don't count that as a bug
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
So saying "it does not fit our challenge because you need to use DNS to
perform the attack" is like saying "well qmail is perfectly safe if you
don't use it in the real world"... Good PR move guys, and a cheap one too!
Well failure to recognize that 0.0.0.0 is yourself is not
quite DNS related exploit. It is a bug.
I'll buy that, but it isn't a security hole. You did note the word
"security" between "qmail" and "challenge," yes? Its in the titlebar, the
large words at the top of the page, and the
Patrick Bihan-Faou [EMAIL PROTECTED] wrote:
Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
exploit. It is a bug.
sarcasm
I like these rules that say "yeah we are setting up a challenge, but there
is no way that you could ever win it"...
The only reason it
Patrick Bihan-Faou writes:
If you don't count that as a bug in qmail, then I don't know what is a
bug...
In fact, it's not a bug; it's a portability problem. If you were using
OpenBSD, you'd see outgoing connections to 0.0.0.0 rejected with EINVAL.
---Dan
Among other thins, Patrick Bihan-Faou said:
Read Bruce Schneier's comment on these type of contests in his latest
book...
Name of book, please.
Well my answer to this is "don't use qmail"
So, what do you recommend?
Patrick.
Read Bruce Schneier's comment on these type of contests in his latest
book...
Name of book, please.
"Secrets and Lies" if my memory serves me right.
Well my answer to this is "don't use qmail"
So, what do you recommend?
I am not recommending anything, choose a solution based on your
Markus Stumpf [EMAIL PROTECTED] writes:
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
exploit. It is a bug.
If AOL or hotmail would decide to change their MX records to your mailserver
this
Hi Mark,
Patrick. If you're that bitter about people accurately explaining to
you that a bug is not necessarily the same as a security exploit, [...]
Well I guess I disagree on the meaning of a security problem. If you can use
this trick to create a DOS attack on a system, to me that would
On Thu, Jan 25, 2001 at 06:32:47PM -0500, Scott Gifford wrote:
Markus Stumpf [EMAIL PROTECTED] writes:
If AOL or hotmail would decide to change their MX records to your mailserver
this will for sure also cause you problems.
No it won't. qmail will give an error that the MX records points
Pavel Kankovsky [EMAIL PROTECTED] wrote:
Now, how old qmail 1.03 is? CHANGES in qmail-1.03.tar.gz say it was
released on June 15 1998. Hmm...this predates the change in question
(January 11 1999), doesn't it?
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_usrreq.c
Revision
Scott Gifford [EMAIL PROTECTED] writes:
Keary Suska [EMAIL PROTECTED] writes:
This would definitely be a bug of concern--even sendmail (yoiks!) knows how
to handle 0.0.0.0. But shouldn't qmail bounce the message as a possible MX
loop?
It should, but does not. Putting it into ipme
Matt Brown [EMAIL PROTECTED] wrote:
This has been a feature of recent spam, which is probably why it's now
an issue. Several spam senders are now having sender addresses of
spammer@spamdomain, where spamdomain resolves via DNS to
'0.0.0.0'.
Eventually qmail rejects the message because it
Matt Brown [EMAIL PROTECTED] writes:
This has been a feature of recent spam, which is probably why it's now
an issue. Several spam senders are now having sender addresses of
spammer@spamdomain, where spamdomain resolves via DNS to
'0.0.0.0'.
Eventually qmail rejects the message because
27 matches
Mail list logo