[GTER] Re: Opini?o: Servidor de email Linux

Hamilton Vera hamilton at i2.com.br
Sat Jan 1 12:36:42 -02 2005

Ou talvez....


"The qmail security guarantee
In March 1997, I offered $500 to the first person to publish a verifiable
security hole in the latest version of qmail: for example, a way for a
user to exploit qmail to take over another account.
My offer still stands. Nobody has found any security holes in qmail.

Of course, ``security hole in qmail'' does not include problems outside of
qmail: for example, NFS security problems, TCP/IP security problems, DNS
security problems, bugs in scripts run from .forward files, and operating
system bugs generally. It's silly to blame a problem on qmail if the
system was already vulnerable before qmail was installed! I also
specifically disallowed denial-of-service attacks: they are present in
every MTA, widely documented, and very hard to fix without a massive
overhaul of several major protocols. (UNIX does offer some tools to
prevent local denial-of-service attacks; see my resource exhaustion page
for more information. See also my page responding to Wietse Venema's

A group of qmail users offered a $1000 prize for one year under similar
rules. The prize was not claimed; the money was donated to the Free
Software Foundation."

Colocar patches de terceiros e apostar $500 nao deve ser uma coisa muito
inteligente :-).


On Sat, 1 Jan 2005, Rodrigo Campos wrote:

> Date: Sat, 1 Jan 2005 11:45:09 -0200
> From: Rodrigo Campos <camposr at gmail.com>
> To: Grupo de Trabalho de Engenharia e Operacao de Redes
>     <gter at eng.registro.br>
> Subject: Re: [GTER] Re: Opini?o: Servidor de email Linux
> Porque ele agora trabalha na Ironport e não tem mais tempo para se
> dedicar ao projeto do QMail. :-)

Hamilton Vera - Linux Powered - Anti Spam Policy
int Administrator (char Network[],char ComputationalSystems[]);
Seven Internet http://lib.seven.com.br
Linux User #338927
"Google is my shepherd, no want shall I know"

More information about the gter mailing list