Robert Penz wrote: >Hi! > >i've just scanned my mail server with nessus, and it found that > >------------------ > . Warning found on port smtp (25/tcp) > > > The remote SMTP server > answers to the EXPN and/or VRFY commands. > > The EXPN command can be used to find > the delivery address of mail aliases, or > even the full name of the recipients, and > the VRFY command may be used to check the > validity of an account. > > > Your mailer should not allow remote users to > use any of these commands, because it gives > them too much informations. > > > Solution : if you are using sendmail, add the > option > O PrivacyOptions=goaway > in /etc/sendmail.cf. > > Risk factor : Low > CVE : CAN-1999-0531 >------------------ >how can I block that? > Was that a local scan, or a remote one?
_______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
