Hugo Espuny discovered a problem in sendmail, a commonly used program to deliver electronic mail. When installing "sasl-bin" to use sasl in connection with sendmail, the sendmail configuration script use fixed user/pass information to initialise the sasl database. Any spammer with Debian systems knowledge could utilise such a sendmail installation to relay spam.
For the stable distribution (woody) this problem has been fixed in version 8.12.3-7.1.
For the unstable distribution (sid) this problem has been fixed in version 8.13.1-13.
We recommend that you upgrade your sendmail package.