FreeBSD Port: netqmail-tls-1.06.20110119

Joel F Rodriguez joel at
Mon Mar 2 19:37:55 UTC 2015



I thought I'd send you a quick email to let you know that this port seems to
be full of security holes. While it seems to work in normal operations, I
experienced numerous spam attacks caused by an apparent failure of


Folks were authorizing using unknown accounts and passwords (backdoors?) and
I faced a flood of spam as a result. I was able to log one account that was
being used, and I was unable to block the attack even when I removed the
account. These attacks continued even after I updated every email account to
use a random 20 char password.


The second issue I see here is that anyone that successfully authorizes can
send email using any address they wish, which is why I was getting SPAM
generated using fake email address as the originator.


The port I am using is FreeBSD 9.2-RELEASE-p10 FreeBSD
9.2-RELEASE-p10 #0: Tue Jul  8 10:48:24 UTC 2014
root at  amd64 and
is the version of qmail is netqmail-tls-1.06.20110119.


I would be happy to send you more detailed configurations docs.


For now, I have had to drop tls support.




Joel Rodriguez

Gossamer Computer Services



More information about the freebsd-ports mailing list