[CentOS] OT: question on setting up an email server

Feizhou feizhou at graffiti.net
Tue Jun 21 06:48:41 UTC 2005


> From postfix-users@
> 
> Georgi Guninski has found a remotely-exploitable security hole in
> qmail.
> <http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html>

Ooh, I am so worried.

My 16GB RAM server runs qmail-smtpd with no memory limits out of inetd 
on a FreeBSD 5.0 box on Opteron hardware and now I am vulnerable.

The 'exploit' might be possible IF you explicitly give the qmail-smtpd 
process unlimited memory and you have more than 4GB RAM available and 
you also run on an Opteron with FreeBSD 5.0.
> 
> D. Bernstein denied the claim, classified it as "portability problem"
> and refused to pay the prize.
> <http://cr.yp.to/qmail/guarantee.html>
> 
> Qmail's ML responded nervously to Guninski's post. Like every time when
> anyone dares to say anything negative about qmail... It's quite
> interesting:

Idiot postfix poster. There was hardly anything nervous on the list.
> "I said that Guninski's dick isn't half as big as he's trying to claim."
> "Go masturbate somewhere else."
> "Learn to read, moron."

Idiot postfix poster at it again. Yeah, yeah, just quote Len's offensive 
posts about Guninski's 'security advisory'.


Quite a few qmail old hands such as Russell Nelson (maintainer of 
www.qmail.org) wanted DJB to update his installation instructions so 
that inetd is no longer mentioned.

The thing does not work on Linux and besides, there is no inetd on CentOS 
so you will have no security problems with qmail/netqmail.
