Hi!
> Heiko Schlittermann <hs@???> schrieb:
> > > > http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_processing.html#SECID237
> > > First, maybe you can write some words, too, isn't it? :)
> > Why. If the answer is given already?
>
> Politeness? ;)
There are very few people having the time to answer questions,
don't take terseness as unpolitness 8-}
> Or maybe because maybe the person with the problem is not sure about the
> meaning of the page?
Maybe, but guessing takes time, too 8-)
> > > Then to my problem...
> > > OK, now I know why Exim answer the commands and that they are NOT enabled.
> > >
> > > Am I right to say that there are NO security issue in my Exim (4.88)
> > > regarding VRFY and EXPN?
> >
> > Yes. There is no security issue in Exim at all, if you configure it
> > right or if you use the default example configuration. All other
>
> Well, I would NOT be so sure...
> If Exim has no security issue at all it's not needed to develop it forward...
Don't be so pedantic 8-) 4.88 was just released, so we're all
happy and think we have all bases covered.
> > security issues are due to configuration errors. (Thus you *can* run
> > commands on VRFY or EXPN via acl expansions. This *can* create security
> > issues.)
>
> Could you please explain your last sentence? I really don't understand it...
Well, in theory you can execute any kind of command if you
set some acl_smtp_vrfy/expn, even insecure commands -- so
nobody is save from shooting one's foot if one configures
things like that.
--
pi@??? +49 171 3101372 3 years to go !
