From postfix-users@
Georgi Guninski has found a remotely-exploitable security hole in qmail.
Ooh, I am so worried.
My 16GB RAM server runs qmail-smtpd with no memory limits out of inetd on a FreeBSD 5.0 box on Opteron hardware and now I am vulnerable.
The 'exploit' might be possible IF you explicitly give the qmail-smtpd process unlimited memory and you have more than 4GB RAM available and you also run on an Opteron with FreeBSD 5.0.
D. Bernstein denied the claim, classified it as a "portability problem" and refused to pay the prize.
Qmail's ML responded nervously to Guninski's post. Like every time anyone dares to say anything negative about qmail... It's quite interesting:
idiot postfix poster. There was hardly anything nervous on the list.
"I said that Guninski's dick isn't half as big as he's trying to claim." "Go masturbate somewhere else." "Learn to read, moron."
idiot postfix poster at it again. Yeah, yeah, just quote Len's offensive posts about Guninski's 'security advisory'.
Quite a few qmail old hands such as Russell Nelson (maintainer of wanted DJB to update his installation instructions so that inetd is no longer mentioned.
The thing does not work on Linux and besides, there is no inetd on CentOS so you will have no security problems with qmail/netqmail.