Re: Qmail passing sendmail vulnerability downstream

From: Joerg Over (over@dexia.de)
Date: 03/11/03

  • Next message: David Gillett: "RE: Justifying the spend on a vulnerability scanner"
    Date: Tue, 11 Mar 2003 20:58:29 +0100
    To: security-basics@securityfocus.com
    From: Joerg Over <over@dexia.de>
    
    

    Am 19:12 10.03.03 -0000 teilte Tim Thornton mir folgendes mit:

    -> I understand that Qmail is not vulnerable to the
    ->recent Sendmail issue, but I want to know if Qmail will
    ->still forward the sendmail vulnerability "modified
    ->oversized header" downstream to other MTA's, thus
    ->leaving downstream sendmail servers open to the
    ->vulnerability.

    Dunno if that helps, but postfix with latest version 2.0.6 doesn't anymore
    (2.0.5 did).

    Id wager that qmail does forward the header, and will so unless someone
    provides a patch and you use it, but different from my statement about
    postfix that's speculation.

    hth, jo

    -- 
    +-------------------------------------------------------------------+
    |  __ __ __ __ _ _          just another pointless signature        |
    | / _ \ V / -_) '_/                                                 |
    | \___/\_/\___|_|                                                   |
    +-------------------------------------------------------------------+
    

  • Next message: David Gillett: "RE: Justifying the spend on a vulnerability scanner"

    Relevant Pages

    • Re: [opensuse] Virtual domain, between Postfix and Qmail
      ... If the question is "Which MTA should I use?" ... What features were the deciding factor for you to choose Qmail? ... to compare it to Postfix. ... qmail than Sendmail or Postfix. ...
      (SuSE)
    • Re: [opensuse] Virtual domain, between Postfix and Qmail
      ... If the question is "Which MTA should I use?" ... What features were the deciding factor for you to choose Qmail? ... to compare it to Postfix. ... in Sendmail. ...
      (SuSE)
    • Re: Email Server ammended..
      ... I have tried qmail, ... postfix as soon as i hit send on this email... ... Subject: Email Server ... > Zmailer, Smail3, Porcupine, Sendmail, Qmail, and Postfix I've done some ...
      (Security-Basics)
    • Re: [opensuse] Virtual domain, between Postfix and Qmail
      ... Our look at qmail was some years ago so it's getting a bit fuzzy now. ... ISTR that qmail seemed to be full of gratuitous differences in the ... of alias files to do what we were doing in sendmail. ... One was running sendmail, the other postfix, default configs. ...
      (SuSE)
    • Re: which mta to choose
      ... >Postfix is easy to set up and works great. ... I switched from sendmail a few months ago. ... about Qmail, but after I did some research, I decided that it looks ... installed site-wide spam filters at catherders.com. ...
      (alt.os.linux)