Recently in UNIX Category
Isn't this rather neat? Okay, terribly malicious, but kind of neat. Admit it! So all a cracker has to do now is get a Mac or a Linux/UNIX machine, install an SMTP server on it, configure it properly, which is, of course, improperly, and then they send an e-mail from the guy they want to attack to as many addresses as they can, and then all of the bounces hit the target. Now get four or five mail servers you can do this from in colo.
Look, a full mailbox doesn't bother a user much. But you fill the mail queue on a server, and that server becomes super slow. You can do some serious damage with this one. I'm impressed.
Administrators, double check your servers. Make sure your server can't be used to do this by accident. Because now there are people out there looking for open relays in the hopes that they're configured this way, and when they find one they'll use it.
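One way to do that double check from the server's own logs, as an added example that is not part of the original post: bounces go out with the null sender `<>`, so a pile of null-sender messages queued for a single address suggests the server is being used as a reflector. The Postfix-style log format, the constructed sample lines and the `bounce_targets` name are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed Postfix-style syslog format.
SAMPLE_LOG = """\
Jan 10 03:00:01 mx postfix/qmgr[811]: 3A01: from=<>, size=3120, nrcpt=1 (queue active)
Jan 10 03:00:02 mx postfix/smtp[902]: 3A01: to=<victim@target.example>, relay=mail.target.example[192.0.2.10]:25, status=sent (250 ok)
Jan 10 03:00:03 mx postfix/qmgr[811]: 3A02: from=<>, size=3098, nrcpt=1 (queue active)
Jan 10 03:00:04 mx postfix/smtp[902]: 3A02: to=<victim@target.example>, relay=none, status=deferred (connection timed out)
Jan 10 03:05:04 mx postfix/smtp[902]: 3A02: to=<victim@target.example>, relay=none, status=deferred (connection timed out)
Jan 10 03:00:05 mx postfix/qmgr[811]: 3A03: from=<>, size=3144, nrcpt=1 (queue active)
Jan 10 03:00:06 mx postfix/smtp[903]: 3A03: to=<Victim@target.example>, relay=mail.target.example[192.0.2.10]:25, status=sent (250 ok)
Jan 10 03:00:07 mx postfix/qmgr[811]: 3A04: from=<>, size=3101, nrcpt=1 (queue active)
Jan 10 03:00:08 mx postfix/smtp[903]: 3A04: to=<victim@target.example>, relay=mail.target.example[192.0.2.10]:25, status=sent (250 ok)
Jan 10 03:00:09 mx postfix/qmgr[811]: 3A05: from=<>, size=2990, nrcpt=1 (queue active)
Jan 10 03:00:10 mx postfix/smtp[904]: 3A05: to=<bob@elsewhere.example>, relay=mx.elsewhere.example[198.51.100.7]:25, status=sent (250 ok)
Jan 10 03:00:11 mx postfix/qmgr[811]: 3A06: from=<alice@mx.example>, size=812, nrcpt=1 (queue active)
Jan 10 03:00:12 mx postfix/smtp[904]: 3A06: to=<victim@target.example>, relay=mail.target.example[192.0.2.10]:25, status=sent (250 ok)
"""

FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>")

def bounce_targets(lines, threshold=3):
    """Return {recipient: bounce count} for recipients of >= threshold bounces."""
    null_sender_ids = set()       # queue IDs whose envelope sender is <>
    bounces = defaultdict(set)    # recipient -> queue IDs of bounces sent to it
    for line in lines:
        m = FROM_RE.search(line)
        if m:
            if m.group(2) == "":
                null_sender_ids.add(m.group(1))
            continue
        m = TO_RE.search(line)
        # Count each queue ID once, so deferred retries do not inflate the total.
        if m and m.group(1) in null_sender_ids:
            bounces[m.group(2).lower()].add(m.group(1))
    return {r: len(ids) for r, ids in bounces.items() if len(ids) >= threshold}

if __name__ == "__main__":
    for rcpt, count in bounce_targets(SAMPLE_LOG.splitlines()).items():
        print(f"{count} bounces queued for {rcpt}")
```

A recipient that shows up here with a high count never mailed this server; the original messages carried that address as a forged sender.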
This article provides some excellent advice to Linux software vendors, citing examples of the issues caused by the all-too-common carelessness of the companies. I have to highlight this and point out that they're right on all counts.
I also want to say that I think Best Practical, makers of RT, very much have the right idea when they provide an open source product that works and can be used out of the box by any competent sysadmin. But they provide a level of service above and beyond. Their technical support and consulting costs some money -- and is worth every penny -- and as consultants they will happily set up your RT system as customized as you could ever desire.