Date: Mon, 2 Mar 2015 11:37:56 -0800
From: "Joel F Rodriguez" <joel@tahoestores.com>
To: <bdrewery@FreeBSD.org>
Cc: ports@FreeBSD.org
Subject: FreeBSD Port: netqmail-tls-1.06.20110119
Message-ID: <000b01d05520$62e3e000$28aba000$@tahoestores.com>

Hello,

I thought I'd send you a quick email to let you know that this port seems to be full of security holes. While it seems to work in normal operations, I experienced numerous spam attacks caused by an apparent failure of AUTH(STARTTLS). Folks were authorizing using unknown accounts and passwords (backdoors?) and I faced a flood of spam as a result. I was able to log one account that was being used, and I was unable to block the attack even when I removed the account. These attacks continued even after I updated every email account to use a random 20 char password.

The second issue I see here is that anyone that successfully authorizes can send email using any address they wish, which is why I was getting SPAM generated using fake email addresses as the originator.

The port I am using is

FreeBSD tahoestores.net 9.2-RELEASE-p10 FreeBSD 9.2-RELEASE-p10 #0: Tue Jul 8 10:48:24 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

and the version of qmail is netqmail-tls-1.06.20110119.

I would be happy to send you more detailed configuration docs. For now, I have had to drop TLS support.

Thanks
Joel Rodriguez
Gossamer Computer Services