Autor: John Burnham Fecha: A: exim-users Asunto: Re: [exim] Local user enumeration through RCPT
> One of the servers we look after was recently "penetration > tested" and they
> could find very little wrong so they complained about silly
> things like it's
> possible to see which users locally exist on the server
> through the answer
> Exim provides to the RCPT command.
> Actually, surely all it's doing is enumerating the email addresses that that server
accepts mail for.... This may have little or no connection to the OS user accounts.
J
