Re: [Exim] nessus security report

Author: Peter Radcliffe
Date:  
To: exim-users
Subject: Re: [Exim] nessus security report
Brad Crittenden <bac@???> probably said:
> 1) claims we're relaying (though I've tried relaying through my host only to
> be denied)

Does it say what test it thinks relays?

> 2) acceptance of mail from "|user@???" which is a risk if a message is
> constructed to bounce and is then piped to an executable.

| is a valid character in a local part as far as I know.

> I've searched the mailing list archives for mention of these and found
> nothing. Is there a known reason nessus would give a false positive for
> relaying? Has the "|address" problem been addressed?
|address isn't a problem, exim doesn't pass things to shell unless you
make it do that, and if you do you have to be careful about characters
in local parts.

Do you have receiver_try_verify or receiver_verify in your config?
If not, read about them in the spec and add whichever one you feel is
appropriate.

P.

-- 
pir                  pir@???                    pir@???
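The point made above is that "|" is an ordinary local-part character and only becomes dangerous if a site-local configuration hands the local part to a shell. The following is an added illustration, not code from this thread or from Exim: it checks a local part against the RFC 5322 unquoted-atext character set (where "|" is legal), flags which local parts would be misread by a shell, and shows the two safe ways to pass one to a delivery program, as an argv element or quoted with shlex. The command path /usr/local/bin/deliver is a hypothetical placeholder.

```python
import re
import shlex
import subprocess

# Characters permitted in an unquoted local part (RFC 5322 "atext" plus ".").
# Note that "|" is in this set: a bare "|user" is a syntactically valid address.
ATEXT = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+$")

# Far narrower set that can be placed on a shell command line unquoted.
# This is an assumption chosen for the example, not an Exim or RFC rule.
SHELL_SAFE = re.compile(r"^[A-Za-z0-9._-]+$")


def is_valid_local_part(local_part: str) -> bool:
    """True if the local part is a well-formed unquoted dot-atom."""
    if not ATEXT.match(local_part):
        return False
    # Dots may not lead, trail, or repeat in a dot-atom.
    return not (local_part.startswith(".")
                or local_part.endswith(".")
                or ".." in local_part)


def shell_risky(local_part: str) -> bool:
    """True if a shell would interpret characters in this local part
    ("|", "$", "`", ";", ...) rather than treat it as plain text."""
    return not SHELL_SAFE.match(local_part)


def build_delivery_argv(command: str, local_part: str) -> list:
    """Build an argv list for a pipe delivery. No shell is involved, so the
    local part reaches the program as one argument whatever it contains."""
    if not is_valid_local_part(local_part):
        raise ValueError(f"invalid local part: {local_part!r}")
    return [command, local_part]


def build_delivery_shell(command: str, local_part: str) -> str:
    """If a shell command line is unavoidable, quote the local part so the
    shell cannot interpret it. shlex.quote leaves safe strings untouched."""
    if not is_valid_local_part(local_part):
        raise ValueError(f"invalid local part: {local_part!r}")
    return f"{command} {shlex.quote(local_part)}"


def deliver_via_argv(argv: list, message: bytes) -> bytes:
    """Run the delivery program with the message on stdin, without a shell,
    and return what it wrote to stdout."""
    result = subprocess.run(argv, input=message, capture_output=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample: a local part that is valid but shell-significant.
    lp = "|user"
    print("valid local part:", is_valid_local_part(lp))
    print("risky if passed to a shell:", shell_risky(lp))
    print("argv form:", build_delivery_argv("/usr/local/bin/deliver", lp))
    print("shell form:", build_delivery_shell("/usr/local/bin/deliver", lp))
    # Using /bin/echo stands in for the delivery program: the "|" is printed
    # literally because no shell ever sees it.
    print(deliver_via_argv(["/bin/echo", lp], b"Subject: test\n\nbody\n"))
```

The argv form is the one to prefer: the pipe character never reaches a shell, so there is nothing to escape. The quoted form exists for the case the message warns about, a configuration that really does build a shell command line from address data.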