There has been an increase in what appears to be qmail-based
open-relays over the last 5 days. Each of these servers
passes the normal suite of open-relay tests.
Spammers are scanning for SMTP-AUTH and STARTTLS based
mail servers that may be misconfigured, then using them
to send out their trash.
Some early docs on setting up qmail-based smtp-auth systems
had the config info incorrect. This leads to /usr/bin/true
being used as the password checker.
From an operational perspective, I suspect we will see more
SMTP scans.
The basic test (see URL above) should get incorporated into
various open-relay testing scripts.
Doubtful, he's *citing* a posting from an archive of the qmail list.
It's a heads-up for your abuse desk, that the trojaned DSL/cablemodem customers
of yours that have been acting as spam relays are likely to start scanning for
open qmail servers to abuse....
Nope, I thought it might be operational in nature. ergo
spammers and others now scanning for qmail-smtp-auth patch
users and using those weak sites as a relay.
the issue is that those sites will PASS the current "open relay"
check tools and thus not be BLACK LISTED.
Hey, what a cool feature. Passes open-relay test, won't get
black listed, and can be used to relay spam.
this might cause more traffic, more abuse complaints, more
headaches for those in operations…
yeah, all those lovely home based DSL/Cable/Wireless users with Linux/BSD
qmail-smtp-auth setups thinking they are safe and can relay off of their
nifty box at home / soho.
I think this *is* operational in nature. FYI, we have found this hack actively being used on seemingly secure qmail, exchange, IMail, postfix servers run by admins with clue. And we have a pattern of the same content and an apparent small set of source IPs. (I'm working on that angle now)
is one URL that talks about this.
...
Some early docs on setting up qmail-based smtp-auth systems
had the config info incorrect. This leads to /usr/bin/true
being used as the password checker.
That isn't a bug; it's a documentation problem and/or incompetent admin,
depending on how generous you're feeling.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
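
The misconfiguration discussed in this thread, /usr/bin/true ending up as the password checker, can be caught by auditing the qmail-smtpd run script on your own server. The following is an added example, not part of the thread or of any qmail patch; the argument layout `qmail-smtpd <hostname> <password-checker> <subprogram>`, the sample run scripts and the function names are assumptions.

```python
import os
import shlex

# Assumption (not stated in the thread): the early SMTP-AUTH patch expects
#   qmail-smtpd <hostname> <password-checker> <subprogram>
# Constructed sample run scripts: BAD omits the hostname, GOOD supplies it.
BAD = r"""#!/bin/sh
exec tcpserver -v -x /etc/tcp.smtp.cdb 0 smtp \
  /var/qmail/bin/qmail-smtpd /bin/checkpassword /usr/bin/true 2>&1
"""
GOOD = r"""#!/bin/sh
exec tcpserver -v -x /etc/tcp.smtp.cdb 0 smtp \
  /var/qmail/bin/qmail-smtpd mail.example.com /bin/checkpassword /usr/bin/true 2>&1
"""

def smtpd_args(run_script):
    """Return the arguments passed to qmail-smtpd, or None if it is not invoked."""
    joined = run_script.replace("\\\n", " ")  # fold shell line continuations
    for line in joined.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: not a line we can parse
            continue
        for i, tok in enumerate(tokens):
            if os.path.basename(tok) == "qmail-smtpd":
                args = []
                for arg in tokens[i + 1:]:
                    if any(c in arg for c in "<>|&;"):  # redirection or next command
                        break
                    args.append(arg)
                return args
    return None

def audit(run_script):
    """List findings for one run script; an empty list means nothing was flagged."""
    args = smtpd_args(run_script)
    if args is None:
        return ["no qmail-smtpd invocation found"]
    findings = []
    if args and args[0].startswith("/"):
        findings.append("hostname slot holds a path; the following arguments shift left")
    if len(args) >= 2 and os.path.basename(args[1]) == "true":
        findings.append(f"password checker is {args[1]}, which accepts any password")
    return findings

if __name__ == "__main__":
    for name, script in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit(script) or "ok")
```

A clean result here only covers the run script; it does not replace testing the live server's AUTH behaviour.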