Dennis Davis said:
> The crucial paragraph in this CERT Advisory is:
>
> The email attack vector is message-oriented as opposed to
> connection-oriented. This means that the vulnerability is
> triggered by the contents of a specially crafted email message
> rather than by lower-level network traffic. This is important
> because an MTA that does not contain the vulnerability may pass
> the malicious message along to other MTAs that may be protected
> at the network level. In other words, vulnerable sendmail
> servers on the interior of a network are still at risk, even if
> the site's border MTA uses software other than sendmail. Also,
> messages capable of exploiting this vulnerability may pass
> undetected through packet filters or firewalls.
>
> exim *doesn't* do content scanning. After all it's an MTA. exim
> will just pass any such message onto a vulnerable sendmail server.
Exim with exiscan-acl *does* do content scanning... We already use it for
a lot of virus and bad stuff checking... thus the reason for my asking.
The envirnoment I am dealing with in this case has all outside MTA's now
using Exim. But ugrading 300 internal unix servers is not going to happen
overnight and in some cases never (very old, Sequent NumaQ).
--
Kevin W. Reed - TNET Services, Inc.
Mailing List Account
URL:
http://www.tnet.com Support Forums:
http://www.tnet.com/forum
