Hello Frederik,
Tuesday, March 4, 2003, 11:28:10 AM, you wrote:
FG To Whom It May Concern ...
FG ---
FG CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
FGOriginal release date: March 3, 2003
FGLast revised: --
FGSource: CERT/CC
FGA complete revision history can
This advisory only corresponds to Sendmail MTA. XMail is another
MTA that do not contain this vulnerability (i hope :))
i guess frederik knows that - the mail was just FYI and shows us that we are
using the right MTA :-))
-
To unsubscribe from this list: send the line unsubscribe xmail in
the
Im not :-(
- Original Message -
From: Sönke Ruempler [EMAIL PROTECTED]
Newsgroups: saltstorm.xmail
Sent: Tuesday, March 04, 2003 8:55 AM
Subject: [xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in
Sendmail
This advisory only corresponds to Sendmail MTA. XMail is another
oops sorry
- Original Message -
From: Sönke Ruempler [EMAIL PROTECTED]
Newsgroups: saltstorm.xmail
Sent: Tuesday, March 04, 2003 8:55 AM
Subject: [xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in
Sendmail
This advisory only corresponds to Sendmail MTA. XMail is another
Hello Sönke,
Tuesday, March 4, 2003, 11:55:07 AM, you wrote:
This advisory only corresponds to Sendmail MTA. XMail is another
MTA that do not contain this vulnerability (i hope :))
SR i guess frederik knows that - the mail was just FYI and shows us that we are
SR using the right MTA :-))
unsuscribe
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message to
[EMAIL PROTECTED]
unsuscribe xmail
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message to
[EMAIL PROTECTED]
unsuscribe
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message to
[EMAIL PROTECTED]
hope u r right :-)
hmmm but that bug seems to be heavy! our provider called us if he should
upgrade our servers. no we don't use sendmail, fortunately :-)
soenke.
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help:
If i put a sniffer i can get all the passwds when people get their e-mails.
How can i protect the xmail server to make it secure?
CIao
Rui
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the
If i put a sniffer i can get all the passwds when people get their
e-mails.
a hacker could only sniff passwords with a man-in-the-middle-attack, eg on
a router.
How can i protect the xmail server to make it secure?
xmail is secure, but the protocols are not, you can use ssl tunneling:
You could also force CRAM-MD5 auth to be used for pop3 :)
unfortunately the most popular MUA OE does not support APOP ;-(
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message
Ok,
I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in
server.tab. I set my mail client for smtp auth and everything works, and if I dont
have smtp auth set it doesn't work(i get an auth error). So in that aspect everything
works, but how come when I do an open relay
You have:
EnableAuthSMTP-POP3 0
and must be:
EnableAuthSMTP-POP3 1
Gustavo
- Original Message -
From: Benny [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 7:52 PM
Subject: [xmail] open relay
Ok,
I have my smtprelay.tab file blank, and I have
Yeah I thought and tried that too... But then it doesnt care if my client
even does smtp-auth. In fact I have turned off smtp-auth on my client(OE)
and I set :
EnableAuthSMTP-POP31
And this message will go through without smtp-auth.
benny
- Original Message -
From: Gustavo Galvan
I have used the test sites below:
http://abuse.net/relay.html
http://members.iinet.net.au/~remmie/relay/
http://www.paladincorp.com.au/unix/spam/spamlart/
Those are just some I tested. And the last one comes back with several
errors and it looks like my server is not an open relay, but the
Here is the email I get from the test site http://abuse.net
-
This is a test of third-party mail relay, generated via the
Network Abuse Clearinghouse at http://www.abuse.net.
Target host = thedaily.tv
Hi,
I have just recentally installed XMail on our office linux box, and it is=
=20
doing it's job nicly (as an SMPT server, inhouse emails, and connecting t=
o=20
our offsite internet server using POP syncronisation). However for some=20
reason Outlook 2000 clients are unable to connect - the
That IP Address is listed in two open relay databases.
http://www.dnsstuff.com/tools/ip4r.ch?ip=3D24.94.213.208
-Original Message-
From: Benny [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 3:11 PM
To: [EMAIL PROTECTED]
Subject: [xmail] Re: open relay
=20
=20
=20
Here is
When you perform the test, you have to tell the test email to send to an
email address that is NOT handled by the server you are testing.
If you register at abuse.net, there is a check box i think to have them
generate an email address to use for the test. it will still send the
results to the
No, the email is a result of the test below from http://abuse.net.
---
Mail relay testing
Mail relay testing
Connecting to thedaily.tv for registered user test ...
220 [EMAIL PROTECTED] [XMail 1.12 (Linux/Ix86) ESMTP
Server]
service
Try unchecking the option to login using Secure Password Authentication.
I believe OL XP supports APOP, but OL 2000 does not.
If that doesn't help, try specifying the full email address for the user
name: [EMAIL PROTECTED]
I don't see why that one would be different between 2000 and XP, so I
0 is the correct setting. Notice how on the relay test it says:
RCPT TO:[EMAIL PROTECTED]
The server should always accept messages for your domain! Relay meaning that
the server accepts messages that should arrive at a server other than your
own. The only case you want that to happen is if
The option you want to enable is on the 2nd tab of the account config my
outgoing server requires authenticaion (something like that, I have the
Spanish version of Office 2000. The option is NOT secure password
authentication. You need not click the options button next to this option,
the default
Alright thanks everyone for seeing my dumb mistakes :) And thanks for the
clarification on that Seth.
I appreciate the help.
benny
- Original Message -
From: Seth A. Munroe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 5:38 PM
Subject: [xmail] Re: open relay
Squid can be used to proxy SMTP!!?? I was playing around with it the other
day and now my server is blacklisted somewhere
http://njabl.org/cgi-bin/lookup.cgi?query=65.19.129.24
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For
-Original Message-
From: Davide Libenzi [mailto:[EMAIL PROTECTED]
=20
On Tue, 4 Mar 2003, Steven Peck wrote:
=20
That IP Address is listed in two open relay databases.
http://www.dnsstuff.com/tools/ip4r.ch?ip=3D24.94.213.208
=20
It does not look like that to me. The form
Yeah Steven, when I originally first did up the xmail server, I had not
cleared out the smtprelay.tab, but then I cleared it out, so chances are I
probably got into those list during that time. I should be ok now, with
your guys' help.
Thanks!
Benny
- Original Message -
From: Steven
But our problem is with POP authentication not SMTP - the latter is=20
working very well, would that matter?.
Will.
On Wednesday 05 March 2003 09:40, Andrew Joakimsen wrote:
The option you want to enable is on the 2nd tab of the account config =
my
outgoing server requires authenticaion
In server.tab do you have
EnableAuthSMTP-POP31
-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
nombre de William Denniss
Enviado el: Tuesday, March 04, 2003 6:56 PM
Para: [EMAIL PROTECTED]
Asunto: [xmail] Re: POP3 Authentication error for Outlook 2000
But our
Nope, you are listed as an open http proxy ( a thing that can be used
to view aminaked.com ) not as an open mail relay ( a thing that can used
to send get herbal viagra and make $$$ fast). Different kind of open.
Mircea C.
Andrew Joakimsen wrote:
Squid can be used to proxy
Well look @ that URL
65.19.129.24:hc:3128: HTTP request successeful (200)
65.19.129.24:hc:3128: 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Fri,
28 Feb 2
65.19.129.24:hc:3128: 003 13:30:29 -0500\r\n
ESMTP and an HTTP request? Why would that block email then?
-Mensaje original-
De:
Lame self-reply after research: I'll be damned, squid it CAN proxy SMTP
also, wow, no they can go aminaked.com AND send buy herbal viagra in
the same time !!!
Mircea C.
Mircea Ciocan wrote:
Nope, you are listed as an open http proxy ( a thing that can be used
On Wednesday 05 March 2003 09:59, Andrew Joakimsen wrote:
In server.tab do you have
EnableAuthSMTP-POP31
yes
Will.
-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message
1) - I try both full email and just username, neither works.
the username only works fine in OL XP and Kmail...
2) This check is not enabled.
3) I agree. but alas you have to give the people what they want.. :(
The exact error message is: There was a problem logging onto your
mail server.
Are you sure it's an outlook issue and not just a general networking issue?
Can those machines telnet to the mail server over port 110 using the same
hostname as specified in the pop3 server settings of outlook?
use these commands:
TELNET hostname.com 110
USER username
PASS password
STAT
QUIT
On Wednesday 05 March 2003 10:40, you wrote:
Are you sure it's an outlook issue and not just a general networking is=
sue?
Can those machines telnet to the mail server over port 110 using the sa=
me
hostname as specified in the pop3 server settings of outlook?
use these commands:
TELNET
Don't keep us in suspense. After such a long thread, I wan't to know what
needed to be changed.
Rob :-) grin
__
Censorship can't eliminate evil; it can only kill freedom.
-Original Message-
From: [EMAIL PROTECTED]
there were a few factors I think, I telnet'ed on the offending computer u=
sing=20
an account which I knew worked and got a sucessfull result, I reset the=20
particular user's password on the server, then deleted/added the account=20
again with a full username and making sure none of the SSL
39 matches
Mail list logo