Re: [Exim] vulnerabilities

Author: Marc Peiser
Date:
To: John Burnham
CC: Anand Buddhdev, Steve Haslam, exim mailing list
Subject: Re: [Exim] vulnerabilities
We had some guys test the security on our network and this is what they
said:

"SMTP daemons on your machine support features (such as EHLO, RCPT, VRFY
and EXPN) which may enable hackers to gain information which could be used
to exploit other vulnerabilities."

Are they being stupid or are there some precautions I can take?

Regards, Marc


>vrfy and expn - yeah, turn them off if you want. To turn off vrfy set
>smtp_verify = false
>in your exim config file (it defaults to false these days though....).
>As for expn the config value
>smtp_expn_hosts (which is a host list type)
>is what you're looking for. This is unset by default....
>But disabling EHLO and RCPT is probably not a good idea.....
> John
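
An added example (not part of the original thread, and not Exim's own code): a small Python auditor that reads the main section of an Exim configuration and reports whether the two options named in the reply, `smtp_verify` and `smtp_expn_hosts`, leave VRFY or EXPN available. The sample configuration, the function names and the parsing rules (boolean `name` / `no_name` / `not_name` forms, backslash continuation, main section ending at the first `end` line, colon-separated IPv4 host list) are assumptions made for illustration.

```python
import re

# Constructed sample of an Exim main configuration section (not from the thread).
SAMPLE_CONFIG = """\
# main configuration
primary_hostname = mail.example.test
smtp_verify
smtp_expn_hosts = 127.0.0.1 : \\
                  192.0.2.0/24
end
# later sections follow; option-like lines here must be ignored
smtp_verify = false
"""

TRUE_WORDS = {"true", "yes"}


def parse_main_section(text):
    """Return {option: value} for everything before the first 'end' line."""
    options, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):  # continuation: join with the next line
            pending += line[:-1].strip() + " "
            continue
        line, pending = pending + line, ""
        if line == "end":
            break
        name, sep, value = (part.strip() for part in line.partition("="))
        if sep:
            options[name] = value
        else:  # bare boolean: 'opt' means true, 'no_opt' / 'not_opt' mean false
            m = re.fullmatch(r"(no_|not_)?(\w+)", name)
            if m:
                options[m.group(2)] = "false" if m.group(1) else "true"
    return options


def audit(text):
    """List findings for VRFY/EXPN exposure; defaults follow the reply above."""
    opts = parse_main_section(text)
    findings = []
    if opts.get("smtp_verify", "false").lower() in TRUE_WORDS:
        findings.append("VRFY enabled: set smtp_verify = false")
    hosts = [h.strip() for h in opts.get("smtp_expn_hosts", "").split(":") if h.strip()]
    if hosts:
        findings.append("EXPN permitted for: " + ", ".join(hosts))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per exposed command; an empty list means both options are at the values the reply describes as defaults.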