On Mon, Dec 17, 2007 at 01:57:05PM +0000, Phill Wood said:
> Hi All
>
> One of the servers we look after was recently "penetration tested" and they
> could find very little wrong so they complained about silly things like it's
> possible to see which users locally exist on the server through the answer
> Exim provides to the RCPT command.
>
> Any way of stopping this happening? I honestly can't see that it's such a
> big problem myself and it looks like Exim is behaving just as it should.
You can start tempfailing after a certain number of failed rcpt to's or
something, but other than that, well , that's how smtp works.
--
--------------------------------------------------------------------------
| Stephen Gran | Gumperson's Law: The probability of a |
| steve@??? | given event occurring is inversely |
| http://www.lobefin.net/~steve | proportional to its desirability. |
--------------------------------------------------------------------------
