[exim] Local user enumeration through RCPT

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M++\Der komplette Thread sortiert nach Datum
MMMM 
.MMStephen Gran am ->
Nachricht löschen
Nachricht beantworten
Autor: Phill Wood
Datum:  
To: exim-users
Betreff: [exim] Local user enumeration through RCPT
Hi All

One of the servers we look after was recently "penetration tested" and they
could find very little wrong so they complained about silly things like it's
possible to see which users locally exist on the server through the answer
Exim provides to the RCPT command.

Any way of stopping this happening? I honestly can't see that it's such a
big problem myself and it looks like Exim is behaving just as it should.


Cheers
Phill
Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] Open Relay - Exim 4.67 + SpamdRe: [exim] Local user enumeration through RCPT->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)