Rick Lutowski <rick@???> (Do 04 Jan 2007 18:11:34 CET):
> Graeme Fowler wrote:
> >
> > Renaud was using the telnet client application on his machine to talk to
> > the Exim SMTP server on yours. There's no evidence of a telnet server
> > existing on your server, but you can betcha someone would already have
> > got you if there was :)
>
> Which is why telnet, ftp, etc is not running!
But qpopper (which had some security problems), and some other
applications which do not have to be secure per se.
> Is there any way to disable the kind of access he
> demonstrated without compromising normal exim
> operation?
I'm not sure if in Exim 3.x you could reject unknown users already at
SMTP time, but if you'd upgrade to Exim 4.x: you can.
(AFAIR Debians install script tries to convert the config, but I'm not
sure, so be prepared to be challenged :))
Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
