[qmailadmin] Re: [vchkpw] question about autoresponder change

2003-09-16 Thread Tom Collins
On Tuesday, September 16, 2003, at 04:08 PM, Jeremy Kitchen wrote: Upon further investigation I saw that autoresponder, when coming across a Mailing-List header, would exit 100, causing qmail-local/vdelivermail to bounce the message. Am I wrong to think that autoresponder should silently ignore me

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> I don't want to start a big discussion but I don't think you understand the > potential risk here. Looks like you don't really know anything about smtp and how it should work. This is only issue of knowledgeless. -- Eero

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Paul Theodoropoulos
It really makes no sense posting this here. The qmail mailing list is the place to discuss these concerns. Why not do so? At 08:41 AM 9/16/2003, Peter Nilsson wrote: I don't want to start a big discussion but I don't think you understand the potential risk here. The reason why I wrote it to this

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Claus Alboege
"Peter Nilsson" <[EMAIL PROTECTED]> writes: > I don't want to start a big discussion but I don't think you understand > the potential risk here. The reason why I wrote it to this list was also > to warn about this issue, it's a bad thing that qmail accepts this kind of > abuse as default No, you to

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Peter Nilsson
I don't want to start a big discussion but I don't think you understand the potential risk here. The reason why I wrote it to this list was also to warn about this issue, it's a bad thing that qmail accepts this kind of abuse as default No it is not a big security risk. it is a risk that a us

Re: [qmailadmin] rcpt to bounce security risk

2003-09-16 Thread Claus Alboege
"Peter Nilsson" <[EMAIL PROTECTED]> writes: > Hi! I know that this group isn't about qmail, Then why post here in the first place? Use the qmail list. > but maybe someone knows about qmail's blank rcpt to problem, it's a big > security risk. No it is not a big security risk. > It is possible to

Re: [qmailadmin] [ot] Re: rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> just put !@ in badmailto, there is no fix, I have searched many hours and > didn't find any patches, tried qregex patch first but your qmail has to be > clean and unpatched otherwise you will get errors when patching. > > after that I patched for glibc compile errors so it can compile on redhat >

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> I've been following this [offtopic] thread with some interest. Just to > clarify... are the patches required for this fix, or can you just put the !@ > in the badmailto? This: http://www.unixpimps.org/software/qregex/ Have fun. -- Eero

[qmailadmin] Mailing list problem (qmail-queue error)

2003-09-16 Thread Rick Glunt
The mailing list 'staff' was set up using qmailadmin and my qmail server name is 'walleye'. I (rjg) tried to send a message to [EMAIL PROTECTED] and got the following in maillog: Sep 16 09:59:02 walleye qmail: 1063720742.650329 new msg 161734 Sep 16 09:59:02 walleye qmail: 1063720742.651732 info

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Peter Nilsson
Trey Nolen writes: I've been following this [offtopic] thread with some interest. Just to clarify... are the patches required for this fix, or can you just put the !@ in the badmailto? just put !@ in badmailto, there is no fix, I have searched many hours and didn't find any patches, tried qreg

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Trey Nolen
I've been following this [offtopic] thread with some interest. Just to clarify... are the patches required for this fix, or can you just put the !@ in the badmailto? Trey Nolen > That did the trick, it is now solved, thank you everyone here that came with > suggestions to how to solve my problem

[qmailadmin] Re: some, ideas. much faster development of qmailadmin

2003-09-16 Thread Paul L. Allen
Eero Volotinen writes: > Well, I think that C-interface is now antique and it slows too much > development of qmailadmin. But at least it runs quickly and isn't a major security hole. Without an equivalent of suexec then your mail directories have to be readable and writeable by the Apache user

Re: [qmailadmin] some, ideas. much faster development of qmailadmin

2003-09-16 Thread Eero Volotinen
> | If enough vpopmail functions are contributed to php > | (http://fi.php.net/vpopmail) then > | qmailadmin can be ported to php and it gets much faster development speed? > > That sounds like a nice idea. It would be very nice if I could use that > level of integration for my PHP sites! Well, I thi

Re: [qmailadmin] some, ideas. much faster development of qmailadmin

2003-09-16 Thread Christian Axelsson
Eero Volotinen wrote: | Some thoughts: | | If enough vpopmail functions are contributed to php | (http://fi.php.net/vpopmail) then | qmailadmin can be ported to php and it gets much faster development speed? That sounds like a nice idea. It would be very n

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Peter Nilsson
That did the trick, it is now solved, thank you everyone here that came with suggestions to how to solve my problem. My server now responds... that's perfect 220 loke.yanet.dk ESMTP helo 250 loke.yanet.dk mail from:[EMAIL PROTECTED] 250 ok rcpt to: 533 sorry, your envelope recipient has been den

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> ok, but my problem isn't fixed, what about your server is it secure? I will > subscribe to the qmail mailing list. My mailserver is secure. You can put !@ to /var/qmail/control/badmailto, it fixes your problem. You can get chkuser patch from shupp.org, first install big qmail toaster patch an

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> But I'm still able to have a blank rcpt to: > > Have ensured that qmail-send is replaced with the patched version. Put !@ to /var/qmail/control/badmailto. rcpt field must contain @ char. -- Eero

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Peter Nilsson
Eero Volotinen writes: I was too fast, still having the problem and I have as described created a You use vpopmail? Then apply this patch too (http://www.shupp.org/patches/chkuser.patch) It checks that receiver exists before you can send mail or build regexp to badmailto what blocks If not happy

Re: [qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> I was too fast, still having the problem and I have as described created a > badmailto file where this is put in: > > # must not contain invalid characters, brakets or multiple @'s > [\W\D!%#:\*\^] > [\(\)] > [\{\}] > @.*@ > > > But I'm still able to have a blank rcpt to: > You use vpopmail? t

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Peter Nilsson
I was too fast, still having the problem and I have as described created a badmailto file where this is put in: # must not contain invalid characters, brakets or multiple @'s [\W\D!%#:\*\^] [\(\)] [\{\}] @.*@ But I'm still able to have a blank rcpt to: Have ensured that qmail-send is repla

[qmailadmin] Re: rcpt to bounce security risk

2003-09-16 Thread Peter Nilsson
First I had an error with the qregex patch...found the error, it was an earlier patch that created the problem, thanks: It was a (mfcheck) from Nagy Balazs that created the problem Now the problem is solved and my server is safe again :-) ;-Peter Eero Volotinen writes: It is possibl

Re: [qmailadmin] rcpt to bounce security risk

2003-09-16 Thread Eero Volotinen
> > It is possible to telnet to a qmail server and do this: > > helo > mail from:[EMAIL PROTECTED] > rcpt to: > data > he he here is a delivery failure...you will be flooded with this > . > > Se this enable an attacker to use your qmail server to create a flood of > delivery failures to the adresse