Re: qmail smtp-auth bug allows open relay
From: Frank Knobbe (fknobbe_at_knobbeits.com)
To: firstname.lastname@example.org Date: 16 Jul 2003 12:16:14 -0500
On Tue, 2003-07-15 at 18:14, Roberto Cardona wrote:
> Is the patch needed if the implementation of the auth module is correct? I
> checked and my conf files for qmail are setup correctly so I wonder if
> it's worth applying the patch. Thank you.
From what I understand, the patch just ensures that the system is not
vulnerable if you accidentally do not set it up correctly. I haven't
looked at the code, but according to the description, it checks for the
presence of all three command line arguments, and refuses to relay if
one is missing.
In other words, it's not a patch per se (i.e. to get rid of a bug), but
an added safety precaution. If you are confident, that you won't
misconfigure it by mistake, you don't need to apply the patch. Your
risk, your choice.
- application/pgp-signature attachment: This is a digitally signed message part