spf-discuss

Re: SPF will solve spam and punish spammers

2004-07-23 15:51:09
Actually,

These faults have been discovered because people were able to look into
the source. How many hidden bugs are there in Exchange servers?? I
don't know, you don't know, no-one knows. Having this big list of
discovered bugs is good imho. I'd be worried if my mta had only the one
discovered bug, makes me wonder what went undetected so far.

Koen

On Fri, Jul 23, 2004 at 05:14:35PM -0500, Ryan Malayter wrote:
[Michel Bouissou]
Impossible. They don't have any "GOOD SECURE mail server" at 
"A Micro$oft Shop".


Exactly how many port 25, remote code execution exploits have been
discovered against Microsoft SMTP/Exchange servers since 1 January 2000?


Exactly one:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0714

How many SMTP-level remote code exploits have there been of Sendmail?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
And an entirely trojaned version of sendmail to boot:
http://www.cert.org/advisories/CA-2002-28.html

And Exim?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0399

Postfix?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0468

Qmail?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0654

All of these MTAs also have a few DoS vulnerabilities. I'm not sure how
you justify your claim. A Windows SMTP server firewalled to allow only
port 25 looks at least as secure as the other popular MTAs to me, in the
same configuration.

But let's not let the facts get in the way of a good fanatical crusade.
You hate Microsoft. We know. Post your rants on Slashdot, not here. Can
we move on to discussions of SPF now?

      -Ryan-

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Send us money!  http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
