Re: [Exim] nessus and exim

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Lorens Kockum
Data:  
Para: exim-users
CC: 
Assunto: Re: [Exim] nessus and exim
On exim-users I myself wrote:
>On exim-users exim-users.exim.org@??? wrote:
>>
>>when using nessus on a system that runs exim, a number of security
>>issues are raised. Nessus complains that exim answers to EXPN and/or
>>VRFY; sometimes it even complains that exim allows relaying.

[...]
>If they *are* false alarms, please post details, and I will see
>them transmitted to the author of Nessus.


I have transmitted your point of view to Renaud, who responded
that instead of a 550 for EXPN (Failure) he expected 500,
501, 502, 504 (Error). Sendmail and postfix send 502. After
reviewing the RFC wrt exim's behaviour, he has patched nessus
accordingly (cvs/nessus-plugins/scripts/sendmail_expn.nasl).

The patch is available by anonymous cvs at cvs.nessus.org.

HAND.