Koozali.org: home of the SME Server

Qmail and CVE-2005-1513

Offline Curtis

  • 12
  • +0/-0
Qmail and CVE-2005-1513
« on: July 15, 2020, 10:56:11 PM »
I happened upon this Qualys advisory from 2005 which appears to remain unpatched:
https://seclists.org/oss-sec/2020/q2/131

Elsewhere online, a suggested solution is to "make sure you have set a limit lower than 4 GB in /var/qmail/databytes..."

Could the above solution be implemented with a custom template? 

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Qmail and CVE-2005-1513
« Reply #1 on: July 15, 2020, 11:12:23 PM »
i have checked it few weeks ago and:
- we do not use qmail-smtpd
- we have the databyte already in place, in case one would have the idea to use qmail-smtpd

Offline Curtis

  • 12
  • +0/-0
Re: Qmail and CVE-2005-1513
« Reply #2 on: July 16, 2020, 03:09:57 PM »
i have checked it few weeks ago and:
- we do not use qmail-smtpd
- we have the databyte already in place, in case one would have the idea to use qmail-smtpd

Excellent!  Thanks very much, Jean-Philippe!