[Exim] nessus security report

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Brad Crittenden
Date:  
À: exim-users
Sujet: [Exim] nessus security report
yesterday i ran nessus against my machine and it reported two problems with
exim:

1) claims we're relaying (though i've tried relaying through my host only to
be denied)

and

2) acceptance of mail from "|user@???" which is a risk if a message is
constructed to bounce and is then piped to an executable.

i've searched the mailing list archives for mention of these and found
nothing. is there a known reason nessus would give a false positive for
relaying? has the "|address" problem been addressed?

thanks,

brad