Re: [Exim] vulnerabilities

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jethro R Binks
Data:  
Para: exim-users
Asunto: Re: [Exim] vulnerabilities
> EHLO is the extended HELO used by SMTP clients to introduce themselves
> to your server and find out the extended capabilities your server
> supports, to perhaps aid in more efficient transfer of mail. I don't see
> how it can be a security problem. RCPT is used to specify email
> recipients. If you disable it, you can't receive mail! So those guys who
> tested your network certainly didn't know what they were saying.


Maybe their logic goes that having RCPT enabled means Nasty Things could
Get In. Like virus attachments, and so forth.

... their view being that ANY entry point on a network is a
potential security problem. Which by some security philosophies, it
certainly is.

Did they send their request/comments to you by email? Now there would be
a fantastic irony...

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks                                   Computing Officer, IT Services
Webmaster, Cachemaster, Listmaster;      University Of Strathclyde, Glasgow, UK
                                                      jethro.binks@???