Postfix: A Secure and Easy-to-Use MTA

Posted by Hemos on Monday August 25, 2003 @12:43AM from the learn-more-about-it dept.

BSD Forums writes "On March 3rd, 2003, Internet Security Systems, in cooperation with the Department of Homeland Security, issued a warning regarding a hole found in Sendmail. The warning, echoed by CERT, warned system admins that any version lower than 8.12.8 was vulnerable to a serious root exploit. Sendmail has a long history of security holes, most of which have been thoroughly documented on security sites. While Sendmail runs half the mail servers in the world, there are smaller and easier-to-use mail transfer agents (MTAs). Network administrator Glenn Graham demonstrates how Postfix gives you most of the power with a fraction of the pain."

4 of 374 comments (clear)

Min score:

Reason:

Sort:

Am I first? by LumberLumber · 2003-08-25 00:45 · Score: -1, Offtopic

I never been first poster before! --dan
1. Re:Am I first? by Anonymous Coward · 2003-08-25 00:47 · Score: -1, Offtopic
  
  No, GNAA got first post this time ho bag.
turning off confirmation that an addr exists by Anonymous Coward · 2003-08-25 02:02 · Score: 1, Offtopic

In the example, the mailer says "ok" when a
user is there and something else when it doesn't
following "RCPT TO:". this allows someone to
enumerate users and then later use that info in
a brute force attack against other services.
How to turn off that behavior? (ie make it say
OK for everybody)
Qmail Bondage & Dominance? by Anonymous Coward · 2003-08-25 02:25 · Score: -1, Offtopic

OOOooooo baby baby!