Author: Luca Bertoncello
Date:
To: Exim-Users
Subject: [exim] VRFY and EXPN: need I really them?

Hi list!
I'm installing a new Server and I installed Exim 4.88 (as I wrote yesterday.
BTW: problem solved, thanks!).
The Server is almost ready, so I used OpenVAS to check it and discover if I
forgot some security issue.
OpenVAS said that Exim supports VRFY and EXPN and that this might be a
security issue.
It suggests disabling them if I don't really need them.
Well, I must say that I'm really not sure IF I need them or not...
I'm also not sure whether they are enabled, since I can't see them in the
EHLO answer and trying to verify an address results in:
VRFY lucabert@???
252 Administrative prohibition
The same for EXPN.
So, now the question(s):
1) are these commands enabled? I'd say not, if I understand the answer...
I don't have any smtp_verify or smtp_expn_hosts in my configure
2) do I need them? I think not, but I'd like to know what might stop working
if I disable them (if they are enabled...)
3) if they are not enabled, could someone explain to me WHY OpenVAS says "The
Mailserver on this host answers to VRFY and/or EXPN requests."?
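
Added example, not part of the original post: a Python check that reads a captured SMTP transcript and classifies the VRFY/EXPN replies by RFC 5321 reply code (250/251 confirm an address or list, 252 is the noncommittal "cannot VRFY" reply, 4xx/5xx are refusals). The transcript, the host names and the `parse_session`/`audit` helpers are constructed for illustration.

```python
import re

CONFIRMS = {"250", "251"}   # RFC 5321: address or list confirmed
NONCOMMITTAL = {"252"}      # RFC 5321: cannot VRFY, nothing confirmed
REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_session(lines):
    """Pair each client command with the server's (possibly multiline) reply."""
    replies, cmd, text = [], None, []
    for line in lines:
        m = REPLY.match(line.rstrip("\r\n"))
        if not m:                      # not a reply line, so a client command
            cmd, text = line.strip(), []
            continue
        code, sep, rest = m.groups()
        text.append(rest or "")
        if sep != "-":                 # "250-" continues, "250 " ends the reply
            replies.append((cmd, code, text))
            text = []
    return replies

def audit(lines):
    """Report which of VRFY/EXPN are advertised and what their replies reveal."""
    report = {"advertised": set(), "VRFY": None, "EXPN": None}
    for cmd, code, text in parse_session(lines):
        verb = (cmd or "").split(" ", 1)[0].upper()
        if verb == "EHLO" and code == "250":
            # Extension keywords follow the first (greeting) line of the reply.
            keywords = {t.split()[0].upper() for t in text[1:] if t.strip()}
            report["advertised"] = keywords & {"VRFY", "EXPN"}
        elif verb in ("VRFY", "EXPN"):
            if code in CONFIRMS:
                report[verb] = "discloses"
            elif code in NONCOMMITTAL:
                report[verb] = "noncommittal"
            elif code[0] in "45":
                report[verb] = "refused"
            else:
                report[verb] = "other"
    return report

# Constructed transcript modelled on the replies quoted in the post.
SAMPLE = ["220 mail.example.test ESMTP", "EHLO probe.example.test",
          "250-mail.example.test Hello probe.example.test", "250-SIZE 52428800",
          "250-PIPELINING", "250 HELP", "VRFY user@example.test",
          "252 Administrative prohibition", "EXPN staff",
          "252 Administrative prohibition"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "noncommittal" means the server replied to the command without confirming or denying the address; "discloses" is the case that allows address enumeration.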