From owner-freebsd-questions@FreeBSD.ORG Mon Sep 15 09:39:16 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5916116A4BF for ; Mon, 15 Sep 2003 09:39:16 -0700 (PDT) Received: from mygirlfriday.info (adsl-65-64-145-209.dsl.stlsmo.swbell.net [65.64.145.209]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2C8943F3F for ; Mon, 15 Sep 2003 09:39:14 -0700 (PDT) (envelope-from gv-list-freebsdquestions@mygirlfriday.info) Received: (qmail 19330 invoked from network); 15 Sep 2003 16:39:04 -0000 Received: from user204.net795.mo.sprint-hsd.net (HELO mork) (65.41.216.204) by mongo.mygirlfriday.info with DES-CBC3-SHA encrypted SMTP; 15 Sep 2003 16:39:04 -0000 Date: Mon, 15 Sep 2003 11:37:25 -0500 From: Gary X-Mailer: The Bat! (v2.00.6) Personal Organization: Hardly X-Priority: 3 (Normal) Message-ID: <607976500.20030915113725@mygirlfriday.info> To: 'FreeBSD' In-Reply-To: <011801c37ba2$251753b0$0200a8c0@bartxp> References: <15590000.1063504943@[192.168.0.5]> <011801c37ba2$251753b0$0200a8c0@bartxp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: Not quite mail relay X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2003 16:39:16 -0000 Hello Derrick, Monday, September 15, 2003, 10:57:57 AM, you wrote: D> I think I figured it out. The qmail-smtpd.c patch for SMTP AUTH had an D> exploit. It did require authentications, but it didn't care what D> credentials you threw at it, so long as you sent something. Yes, there are/were a few SMTP auth patches put up by people who did not fully give the correct instructions on how to install with regards to the smtpd run file. qmail by itself has never had a security breach. Chances are you have a misconfigured qmail-smtpd run file, which some of these sites for patches have put up erroneously, causing this error. an explanation and fix is in the thread of http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2 Or, you can do the following: If you have the current source code and the patch you applied, you should be able to use "patch -R" to apply the patch in reverse, which will essentially remove it from qmail. If you don't know what qmail patches you have, it's probably best to re-install from scratch, so in the future you know how your system is configured. It just takes a few minutes to install from source. D> On that note, does anyone know of a way to get SMTP AUTH working with D> qmail without being an accidental relay? See above link for probable fix, or Yes, install qmail from source, run make setup check, and pick a good auth patch from lifewithqmail.org A good one is http://members.elysium.pl/brush/qmail-smtpd-auth/index.html -- Best regards, Gary