Re: [Exim] vulnerabilities

Páxina inicial
Esta mensaxe é parte do seguinte fío:
M+++\Árbore completa do fío ordenada por data
MMMMMMarc Peiser o <-
MMMMSteve Haslam o ->
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Ian Southam
Data:  
Para: Marc Peiser
CC: exim-users
Asunto: Re: [Exim] vulnerabilities
On Fri, Jan 28, 2000 at 05:15:43PM +0000 Marc Peiser wrote :

> "SMTP daemons on your machine supports features (such as EHLO, RCPT, VRFY
> and EXPN) which my enable hackers to gain information which could be used
> to exploit other vulnerabilities."
>
> Are they been stupid or is there some precautions I can take?

Hello,

To save you any more embarrasment, your consultants are talking rubbish.

VRFY and EXPN can give out information about your network to third parties
which you may not want to make available. For this reason I think both (but
certainly VRFY) are disabled by default in Exim.

EHLO and RCPT however, if disabled would almost certainly reult in your site
being unable to receive mail at all. this would certainly be secure but maybe
just a tad over zealous.

--
Ian



Esta mensaxe foi enviada ás seguintes listas:
Exim-users
Información da lista | Mensaxes recentes		<-Re: [Exim] vulnerabilitiesRe: [Exim] vulnerabilities->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)