On Thu, 30 Mar 2000, Marc Haber wrote:
> when using nessus on a system that runs exim, a number of security
> issues are raised. Nessus complains that exim answers to EXPN and/or
> VRFY; sometimes it even complains that exim allows relaying.
Exim Manual Index: "expn" -> page 98 -> "expn_hosts". Exim answers to
EXPN only if you permit it to do so.
Exim Manual Inext: "very" -> page 98 -> "smtp_verify". Exim answer to
VRFY only if you permit it to do so.
You can easily check yourself whether it is anwering, or saying
550 EXPN not available
252 VRFY not available
Maybe the use of 252 is the "problem". It is recommended that this be
done (by those that discuss these things) because there are stupid
clients that attempt VRFY before sending a message.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.