--On Saturday, September 20, 2003 6:36 PM -0500 Andy Walden <andy@tigerteam.net> wrote:
> Would this be a reference to the qmail-smtp-auth patch that recently was discovered, that if misconfigured, could allow incorrect relays?
No, that was the tip of the iceberg.
> If so, I would say that this was an isolated incident for a single patch for a specific MTA and only when it was misconfigured. I'm not sure I would describe that as "secure by normal mechanisms" nor quite the epidemic it was the first week or two.
We've seen the same behavior out of Postfix, QMail, Imail, Mdaemon, Exchange, Sendmail, Mercury, Merak, NTMail, and others that I can't recall off the top of my head. In some cases, the relaying was fixed with the release of a new patch or a conf change. In others, particularly Exchange, the guest account was enabled, allowing open authentication. The big "BUT" is that there is a not insignificant number of other machines that have either been shown to have been brute forced or we've yet to determine the mechanism that allows the relay. The problem is not small.
> I'm not necessarily making a statement one way or the other on port 25 filtering, but SMTP Auth, when properly configured and protected against brute force attacks is certainly a useful thing. YMMV of course.
Yes, it is a useful thing. It's not the ultimate answer. A machine that tests secure by any test we are willing to run, that requires fifteen character passwords, with multiple special characters required, that is STILL relaying indicates there is a bad thing happening somewhere.

-- Margie