Re: qmail smtp-auth bug allows open relay

From: Frank Knobbe (fknobbeknobbeits.com)
Date: Wed Jul 16 2003 - 12:16:14 CDT


On Tue, 2003-07-15 at 18:14, Roberto Cardona wrote:
> Is the patch needed if the implementation of the auth module is correct? I
> checked and my conf files for qmail are set up correctly so I wonder if
> it's worth applying the patch. Thank you.

From what I understand, the patch just ensures that the system is not
vulnerable if you accidentally do not set it up correctly. I haven't
looked at the code, but according to the description, it checks for the
presence of all three command line arguments, and refuses to relay if
one is missing.

In other words, it's not a patch per se (i.e. to get rid of a bug), but
an added safety precaution. If you are confident that you won't
misconfigure it by mistake, you don't need to apply the patch. Your
risk, your choice.

Regards,
Frank

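
For anyone checking their own setup as discussed in this thread, a configuration audit can count the arguments a run script passes to qmail-smtpd. This is an added example, not part of the thread or of the patch; the three-argument order (host name, checkpassword program, subprogram), the paths and the host name are assumptions, and the sample run scripts are constructed.

```shell
#!/bin/sh
# Added example: audit how many arguments a run script passes to qmail-smtpd.
# Assumption (not from the post): an SMTP AUTH setup invokes
#   qmail-smtpd <hostname> <checkpassword program> <subprogram>

# smtpd_argc FILE: print the number of arguments after qmail-smtpd, or -1.
smtpd_argc() {
    awk '
        /^[ \t]*#/ { next }                                # skip comment lines
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }   # join continuations
        {
            n = split(buf $0, tok, /[ \t]+/); buf = ""
            for (i = 1; i <= n; i++) {
                if (tok[i] != "qmail-smtpd" && tok[i] !~ /\/qmail-smtpd$/) continue
                argc = 0
                for (j = i + 1; j <= n; j++) {
                    # stop at a redirection, pipe, separator or end of line
                    if (tok[j] == "" || tok[j] ~ /^[0-9]*[<>|&;]/) break
                    argc++
                }
                print argc; found = 1; exit
            }
        }
        END { if (!found) print -1 }
    ' "$1"
}

# audit_run FILE: succeed only when all three arguments are present.
audit_run() {
    argc=$(smtpd_argc "$1")
    if [ "$argc" -eq 3 ]; then
        echo "OK   $1: 3 arguments"
    else
        echo "FAIL $1: found $argc argument(s), expected 3"
        return 1
    fi
}

# Constructed sample run scripts (hypothetical paths and host name).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/good" <<'EOF'
#!/bin/sh
exec tcpserver -R -x /etc/tcp.smtp.cdb 0 smtp \
  /var/qmail/bin/qmail-smtpd mail.example.com /bin/checkpassword /bin/true 2>&1
EOF
cat > "$demo_dir/bad" <<'EOF'
#!/bin/sh
exec tcpserver -R -x /etc/tcp.smtp.cdb 0 smtp \
  /var/qmail/bin/qmail-smtpd /bin/checkpassword /bin/true 2>&1
EOF
audit_run "$demo_dir/good"
audit_run "$demo_dir/bad" || true
```

The check assumes the run script is meant to enable SMTP AUTH; it reads the script as text and does not expand shell variables used in the command line.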