"Andy Abshagen" <[EMAIL PROTECTED]> wrote:
>Yes. And no. I just read the preliminary report from them. The report
>actually states in it that it only affect qmail 1.02 and older. They
>dropped it on the report because they could not get our mail server to
>report a version number. Since we are running 1.03 they are removing the
>"problem" from the report.
Regardless of what your auditors say, the fact that you're having and
audit conducted--and running qmail--means that you're concerned about
security. In that case, you should verify that you've configured
qmail-smtpd to run with limited memory consumption. This is a real
issue, and it wasn't resolved by 1.03.
-Dave