[vchkpw] CHKUSER and smtpd-auth 0.57

2006-10-03 Thread Charrua

Hi,

I have installed Netqmail-1.05 / Vpopmail 5.4.17 and
qmail-smtpd-auth-0.57 (www.fehcom.de)

Is it possible to install chkuser 2.0 with this configuration? Do I need to
make some changes?

Thanks in advance,

Andrés



[vchkpw] MAIL FROM question

2006-10-03 Thread Rick Romero

Hi All,

I have an auditor who is telling me that allowing non-SMTP-AUTHd clients
to use a valid local user in MAIL FROM: is a potential spoof, and a
security vulnerability.

I just can't fathom how that is.  

As I understand it, MAIL FROM is only used for returning undeliverable
mail.  So, yes, I'm sure we've all been joe-jobbed, but he's talking
about on my own server.  Since I'm using tcpserver, I really have total
control over what would be a 'local joe-job'.

Supposedly it'll be in the pen-test report, but I haven't even been
given a theoretical on how this is an issue.  

Can anyone else come up with one?



Rick




Re: [vchkpw] CHKUSER and smtpd-auth 0.57

2006-10-03 Thread aichains

Charrua wrote:

> Hi,
>
> I have installed Netqmail-1.05 / Vpopmail 5.4.17 and
> qmail-smtpd-auth-0.57 (www.fehcom.de)
>
> Is it possible to install chkuser 2.0 with this configuration? Do I need to
> make some changes?
>
> Thanks in advance,
>
> Andrés



Use Hoffmann's spamcontrol patchset; it includes the auth plus a
chkuser-type patch, qmail-recipients.

Why not use Dr. Hoffmann's spamcontrol patch-set?
It includes the smtp-auth (you already found that) plus a chkuser-type
patch I believe he calls the qmail-recipients extension.