Author: John Burnham Date: To: Marc Peiser CC: exim-users Subject: Re: [Exim] vulnerabilities
> We had some guys test the security on our network and this is what
they > said:
>
> "SMTP daemons on your machine supports features (such as EHLO, RCPT, VRFY > and EXPN) which my enable hackers to gain information which could be used > to exploit other vulnerabilities."
>
> Are they been stupid or is there some precautions I can take?
Some people think vrfy and expn are security problems.
VRFY allows an address to be verified. I use it occasionally when I'm
trying to determine whether an address is valid or not.
EXPN gives what the email address expands out to on that machine, so you
could check where postmaster@??? goes.
This might be regarded as too much information for some people.
EHLO is the smtp command that identifies you to an MTA (and tells it to
use ESMTP instead of SMTP). Some systems might allow you to disable it
and only allow HELO (which does the same job but only gives you SMTP).
RCPT specifies the recipient of an email. Disabling this will make mail
transfer a bit difficult. If you're interested, can I suggest you have a
quick read of RFC 821 and 822 (and a few others, but they can wait) ?
John.