[Exim] nessus security report

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Brad Crittenden
日付:  
To: exim-users
題目: [Exim] nessus security report
yesterday i ran nessus against my machine and it reported two problems with
exim:

1) claims we're relaying (though i've tried relaying through my host only to
be denied)

and

2) acceptance of mail from "|user@???" which is a risk if a message is
constructed to bounce and is then piped to an executable.

i've searched the mailing list archives for mention of these and found
nothing. is there a known reason nessus would give a false positive for
relaying? has the "|address" problem been addressed?

thanks,

brad