Peter Serwe wrote:
It's a very bad idea to let an unmodified qmail accept mail directly since it accepts all addresses, then later generates bounces to the ones that it can't deliver. A dictionary attack will bury your outbound queue.
Yeah, and unfortunately, there's only *umpteen* patches that deal with that. That dropping SMTP before accepting the messages into the queue cat has had it's skin removed so many times there's no cat left, as well.
The old problems in sendmail have been fixed long ago as well. The difference is that you don't have to assemble the umpteen patches yourself to get a usable copy and if there is a new update you can pick it up immediately from the distribution via 'yum update'. Apparently, qmail's author won't allow anyone else to correct his work.
If I seem a little bitter about this, it is because the domain where qmail accepted those dictionary attack messages is _still getting_ about 50,000 messages a day to non-existent users several years later. The addresses must have made it onto some spam list because they were accepted once. Fortunately, sendmail rejects them quickly now...
-- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos