Re: [Exim] nessus security report

Author: Jason
Date:  
To: exim-users
Subject: Re: [Exim] nessus security report
On 19 May 2000, at 12:08, Peter Radcliffe wrote:

> Brad Crittenden <bac@???> probably said:
> > 1) claims we're relaying (though i've tried relaying through my host
> > only to be denied)
>
> Does it say what test it thinks relays ?


This error is that exim will accept if it is told not to verify the
receiver's email address. I think there was an entry about this in
the FAQ: without the verify option set, it will give 250 Address looks
semantically correct.. or something along those lines..

Jason

> > 2) acceptance of mail from "|user@???" which is a risk if a
> > message is constructed to bounce and is then piped to an executable.
>
> | is a valid character in a local part as far as I know.
>
> > i've searched the mailing list archives for mention of these and
> > found nothing. is there a known reason nessus would give a false
> > positive for relaying? has the "|address" problem been addressed?
>
> |address isn't a problem, exim doesn't pass things to shell unless you
> make it do that, and if you do you have to be careful about characters
> in local parts.
>
> Do you have receiver_try_verify or receiver_verify in your config ? If
> not, read about them in the spec and add whichever one you feel is
> appropriate.
>
> P.
>
> -- 
> pir                  pir@???                    pir@???

---
Jason Robertson                
Network Analyst            
jason@???    
http://www.astroadvice.com
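
Peter's point in the quoted reply, that a "|" in a local part is only a concern if the address is handed to a shell, shown as an added example (not part of the original thread and not Exim code). The helper names and sample addresses are constructed for illustration; a Python child process and `printf` stand in for a delivery command.

```python
import shlex
import subprocess
import sys

# Constructed sample recipients; the first mirrors the "|user@..." case from the report.
SAMPLES = ["|user@example.com", "bob@example.com", "a;b`c`$(d)@example.com"]

# Characters a POSIX shell treats specially when they appear unquoted.
SHELL_META = set("|&;<>()$`\\\"' \t\n*?[]#~=%!{}")


def local_part(address):
    """Return everything before the last '@'."""
    return address.rpartition("@")[0]


def has_shell_metachar(local):
    """True if the local part would need quoting before reaching a shell."""
    return any(ch in SHELL_META for ch in local)


def run_argv(local):
    """Pass the local part as a single argv element; no shell ever parses it."""
    child = "import sys; sys.stdout.write(sys.argv[1])"  # stand-in delivery command
    argv = [sys.executable, "-c", child, local]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def run_shell_quoted(local):
    """If a shell command line is unavoidable, quote the local part first."""
    cmd = "printf %s " + shlex.quote(local)
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    for addr in SAMPLES:
        lp = local_part(addr)
        print(f"{addr!r}: metachar={has_shell_metachar(lp)} "
              f"argv={run_argv(lp)!r} shell={run_shell_quoted(lp)!r}")
```

In both paths the child receives the local part byte for byte as data; the metacharacter check is useful for logging or rejecting such addresses before any pipe delivery is configured.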