Re: [Exim] vulnerabilities

Top Page
This message is part of the following thread:
M----+\the complete thread tree sorted by date
M....MMAnand Buddhdev at <-
M+++\Marc Peiser at ->
Delete this message
Reply to this message
Author: John Burnham
Date:  
To: exim mailing list
Subject: Re: [Exim] vulnerabilities
> Hi there,
>
> I would like to disable features like EHLO, RCPT, VRFY and EXPN which
may
> enable hackers to gain information. Would you say this is a bad idea?
> If not, how do I go about doing this?
>
vrfy and expn - yeah, turn them off if you want. To turn off vrfy set
smtp_verify = false
in your exim config file (it defaults to false these days though....).
As for expn the config value
smtp_expn_hosts (which is a host list type)
is what you're looking for. This is unset by default....
But disabling EHLO and RCPT is probably not a good idea.....
John




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] vulnerabilitiesRe: [Exim] vulnerabilities->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)