[CentOS] qmail on CentOS 4.4

Tue Feb 6 22:13:52 UTC 2007
Les Mikesell <lesmikesell at gmail.com>

Peter Serwe wrote:

>> It's a very bad idea to let an unmodified qmail accept mail directly 
>> since it accepts all addresses, then later generates bounces to the 
>> ones that it can't deliver.  A dictionary attack will bury your 
>> outbound queue.

> Yeah, and unfortunately, there's only *umpteen* patches that deal with 
> that.  That dropping SMTP before accepting the messages into the queue 
> cat has had its skin removed so many times there's no cat left, as well.

The old problems in sendmail have been fixed long ago as well.  The 
difference is that you don't have to assemble the umpteen patches 
yourself to get a usable copy and if there is a new update you can pick 
it up immediately from the distribution via 'yum update'.  Apparently, 
qmail's author won't allow anyone else to correct his work.

If I seem a little bitter about this, it is because the domain where 
qmail accepted those dictionary attack messages is _still getting_ about 
50,000 messages a day to non-existent users several years later.  The 
addresses must have made it onto some spam list because they were 
accepted once.   Fortunately, sendmail rejects them quickly now...

-- 
   Les Mikesell
    lesmikesell at gmail.com
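
Added example, not part of the original message and not qmail or sendmail code: a small Python model of the two recipient-handling policies discussed in the thread, run against constructed dictionary-attack traffic with forged senders. The domain, the mailbox names and the `Server` class are assumptions made for illustration.

```python
# Constructed model: accept-then-bounce versus reject-at-RCPT under a
# dictionary attack. Nothing here is taken from qmail or sendmail.
VALID_USERS = {"alice", "bob"}   # assumption: the only real local mailboxes
DOMAIN = "example.org"           # assumption: placeholder local domain


class Server:
    def __init__(self, validate_at_rcpt):
        self.validate_at_rcpt = validate_at_rcpt
        self.inbound_queue = []    # mail accepted over SMTP, awaiting delivery
        self.outbound_queue = []   # bounces this server must now send out

    def rcpt_to(self, mail_from, rcpt):
        """Handle one MAIL FROM / RCPT TO pair and return the SMTP reply code."""
        user, _, domain = rcpt.partition("@")
        if domain != DOMAIN:
            return 550             # not a local domain, no relaying
        if self.validate_at_rcpt and user not in VALID_USERS:
            # Refused during the SMTP dialogue: nothing is queued, and the
            # connecting client is left holding the failure.
            return 550
        self.inbound_queue.append((mail_from, rcpt))
        return 250

    def deliver(self):
        """Delivery pass: undeliverable mail becomes a bounce to MAIL FROM."""
        delivered = 0
        for mail_from, rcpt in self.inbound_queue:
            if rcpt.split("@")[0] in VALID_USERS:
                delivered += 1
            else:
                # The envelope sender is forged, so this bounce goes to a
                # third party and sits in the outbound queue until it expires.
                self.outbound_queue.append(("MAILER-DAEMON@" + DOMAIN, mail_from))
        self.inbound_queue.clear()
        return delivered


def run_attack(server, guesses):
    """Return (accepted over SMTP, delivered locally, bounces queued)."""
    codes = [server.rcpt_to(f"forged{i}@victim.example", f"{g}@{DOMAIN}")
             for i, g in enumerate(guesses)]
    delivered = server.deliver()
    return codes.count(250), delivered, len(server.outbound_queue)


# Constructed sample: two real mailboxes hidden among five guesses.
GUESSES = ["alice", "admin", "info", "sales", "bob", "test", "webmaster"]

if __name__ == "__main__":
    print("accept then bounce:", run_attack(Server(False), GUESSES))
    print("reject at RCPT:    ", run_attack(Server(True), GUESSES))
```

In the accept-then-bounce run every guess gets a 250, so the sender's list records all seven addresses as accepted, and five bounces are queued for forged senders. With validation at RCPT time only the two real mailboxes are accepted and no bounce is generated.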