> Still no word on a fix? With all these IPSwitch people answering the
> small/easy questions why isn't the BIG one being resolved or even
> acknowledged?
How about explaining where the DOS possibility lies?
I have been following this for a while now. I can see where IMail breaks
the RFC (it doesn't send a CRLF in its response to AUTH CRAM-MD5). But how
does this relate to a DOS attack?
The URL you list states that the problem is that when one user is "stuck" in
this state, nobody else can access the SMTP server. But, using 6.03, I
tested this, and can not reproduce it. I telnet in with one session, enter
AUTH CRAM-MD5, and get the expected erroneous result (no CRLF). But, while
leaving that telnet session open, I can start another which works fine. I
can not get it to lock up.
Either the problem has been fixed in 6.03, or it in not being described well
enough.
-Scott
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
