Re: [Exim] nessus and exim

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Philip Hazel
Data:  
Para: Marc Haber
CC: exim-users
Assunto: Re: [Exim] nessus and exim
On Thu, 30 Mar 2000, Marc Haber wrote:

> when using nessus on a system that runs exim, a number of security
> issues are raised. Nessus complains that exim answers to EXPN and/or
> VRFY; sometimes it even complains that exim allows relaying.


Exim Manual Index: "expn" -> page 98 -> "expn_hosts". Exim answers to
EXPN only if you permit it to do so.

Exim Manual Inext: "very" -> page 98 -> "smtp_verify". Exim answer to
VRFY only if you permit it to do so.

You can easily check yourself whether it is anwering, or saying

550 EXPN not available
252 VRFY not available

Maybe the use of 252 is the "problem". It is recommended that this be
done (by those that discuss these things) because there are stupid
clients that attempt VRFY before sending a message.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.