Matthew S. Hallacy writes: > http://www.securityfocus.com/bid/2237/exploit/ That's not a bug. qmail-smtpd is designed to run with rlimits. That's why they exist in the first place. See this page for more details: http://cr.yp.to/qmail/venema.html > the smtp auth "module" (admittedly, not distributed with qmail): > http://www.securityfocus.com/bid/1809/solution/ How is that even remotely relevant? That is a third party patch to qmail. That patch has a security hole, not qmail. With that logic, I could write buggy patches to any software and you would claim the software itself was insecure. > Just because software has had bugs, doesn't make it insecure. No, but software that has security holes is insecure. > Are you not encouraging people to run "insecure software"? My choice of email client has nothing to do with discussing MTAs. But apparently you lack the ability to understand that. I find it amusing that you can't find fault with what I am saying, so you have to find other, non-related things to attack me with. > qmail has vulnerabilities, they haven't been (publicly) found yet. Prove it. (Oh, you can't. What a surprise.) -- David Phillips <david at acz.org> http://david.acz.org/ _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list