Hi!
i've just scanned my mail server with nessus, and it found that
------------------
. Warning found on port smtp (25/tcp)
The remote SMTP server
answers to the EXPN and/or VRFY commands.
The EXPN command can be used to find
the delivery address of mail aliases, or
even the full name of the recipients, and
the VRFY command may be used to check the
validity of an account.
Your mailer should not allow remote users to
use any of these commands, because it gives
them too much informations.
Solution : if you are using sendmail, add the
option
O PrivacyOptions=goaway
in /etc/sendmail.cf.
Risk factor : Low
CVE : CAN-1999-0531
------------------
how can I block that?
--
Regards,
Robert
----------------
Robert Penz
[EMAIL PROTECTED]
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
