FreeBSD Port: netqmail-tls-1.06.20110119
Joel F Rodriguez
joel at tahoestores.com
Mon Mar 2 19:37:55 UTC 2015
Hello,
I thought I'd send you a quick email to let you know that this port seems to
be full of security holes. While it seems to work in normal operations, I
experienced numerous spam attacks caused by an apparent failure of
AUTH(STARTTLS).
Folks were authorizing using unknown accounts and passwords (backdoors?) and
I faced a flood of spam as a result. I was able to log one account that was
being used, and I was unable to block the attack even when I removed the
account. These attacks continued even after I updated every email account to
use a random 20 char password.
The second issue I see here is that anyone that successfully authorizes can
send email using any address they wish, which is why I was getting SPAM
generated using fake email addresses as the originator.
The port I am using is FreeBSD tahoestores.net 9.2-RELEASE-p10 FreeBSD
9.2-RELEASE-p10 #0: Tue Jul 8 10:48:24 UTC 2014
root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 and
the version of qmail is netqmail-tls-1.06.20110119.
I would be happy to send you more detailed configuration docs.
For now, I have had to drop tls support.
Thanks
Joel Rodriguez
Gossamer Computer Services