Postfix: A Secure and Easy-to-Use MTA

Posted by Hemos on Monday August 25, 2003 @12:43AM from the learn-more-about-it dept.

BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."

1 of 374 comments (clear)

Min score:

Reason:

Sort:

turning off confirmation that an addr exists by Anonymous Coward · 2003-08-25 02:02 · Score: 1, Offtopic

In the example, the mailer says "ok" when a
user is there and something else when it doesn't
following "RCPT TO:". this allows someone to
enumerate users and then later use that info in
a brute force attack against other services.
How to turn off that behavior? (ie make it say
OK for everybody)