Hello,
I thought I'd send you a quick email to let you know that this port seems to be full of security holes. While it seems to work in normal operations, I experienced numerous spam attacks caused by an apparent failure of AUTH(STARTTLS). Folks were authorizing using unknown accounts and passwords (backdoors?) and I faced a flood of spam as a result. I was able to log one account that was being used, and I was unable to block the attack even when I removed the account. These attacks continued even after I updated every email account to use a random 20 char password. The second issue I see here is that anyone that successfully authorizes can send email using any address they wish, which is why I was getting SPAM generated using fake email address as the originator. The port I am using is FreeBSD tahoestores.net 9.2-RELEASE-p10 FreeBSD 9.2-RELEASE-p10 #0: Tue Jul 8 10:48:24 UTC 2014 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 and is the version of qmail is netqmail-tls-1.06.20110119. I would be happy to send you more detailed configurations docs. For now, I have had to drop tls support. Thanks Joel Rodriguez Gossamer Computer Services _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
