Your question is not related to vpopmail in any way. I will assume that it's a qmail question and advise that you take any further correspondence with this post to the qmail list.
That being said: On Mon, 2004-11-01 at 15:47 -0800, Bill Sappington wrote: > I seem to have discovered a relay vulnerability. It seems that a rcpt > to: in the form of, > > <spamlart.homeunix.org!spamtest126.96.36.199> > > Gets past. Any idea's?? Right. There's no @. qmail will accept the message, try to deliver it locally to the value of the control/defaultdomain file (or control/me if the former doesn't exist), and subsequently bounces the message. Regardless, where would you expect that message to go? The envelope recipient has no information that would make qmail know where to deliver it. This is not a vulnerability. qmail is not doing anything bad here. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc
Description: This is a digitally signed message part