On Mon, 25 Feb 2002, Jan Patorra wrote:

> hi davide,
>
> i recently ran a nessus (www.nessus.org) test against my xmail
> machines... the following was discovered - dunno if you trust the tests
> performed. (please notice that there are some duplicate messages
> due to the way i ran nessus (enabled all plugins)).
>
> nevertheless i did a second nessus run with only the xmail test
> module enabled (see apop/auth/user issue below) and 2 smtp tests
> which deal with the helo issue... i got the same results (albeit 1 of the
> vulnerabilities found each, not 4 :)
>
> could you please tell me your opinion on this davide ? i confess i do
> not live very well with those results in mind.... if you need some info
> about nessus (in case you never used it) i'll try to provide you with it...
> thanks!

Ok, maybe this should go in a FAQ. These are bogus results because these programs simply try to send looong lines to the server, and XMail, when it detects non-RFC-conformant behavior, drops the connection. So these tools think that the server crashed and report the security hole, while XMail is still running healthy.

- Davide
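
Added example, not part of the original thread and not XMail or Nessus code: a way to triage this kind of scanner finding by checking, on a second connection, whether the service still greets after the first connection was dropped. The stub server, its 512-byte `MAX_LINE` limit, and the names `start_stub`, `greets` and `triage` are assumptions made for the illustration.

```python
import socket, socketserver, threading

MAX_LINE = 512  # assumed limit for this stub; not XMail's actual value

class StrictHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in: greets, then drops clients that send overlong lines."""
    def handle(self):
        self.wfile.write(b"220 stub ready\r\n")
        while True:
            line = self.rfile.readline(MAX_LINE + 1)
            if not line or len(line) > MAX_LINE:
                return  # close this connection only; the server keeps running
            self.wfile.write(b"250 ok\r\n")

def start_stub():
    """Start the stub on a free localhost port and return the server object."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StrictHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def greets(host, port, timeout=3.0):
    """True if a fresh connection still receives a 220 banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(512).startswith(b"220")
    except OSError:
        return False

def triage(host, port, probe, timeout=3.0):
    """Send one probe line, then classify the outcome with a second connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(512)                    # read the banner
            s.sendall(probe)
            dropped = s.recv(512) == b""   # orderly close by the server
    except OSError:
        dropped = True                     # reset, refused or timed out
    if not dropped:
        return "accepted"
    return "dropped-but-alive" if greets(host, port, timeout) else "service-down"

if __name__ == "__main__":
    srv = start_stub()
    host, port = srv.server_address
    print(triage(host, port, b"HELO " + b"A" * 4096 + b"\r\n"))  # constructed probe
    print(triage(host, port, b"HELO example.test\r\n"))
    srv.shutdown(); srv.server_close()
    print(triage(host, port, b"HELO example.test\r\n"))
```

A finding that comes back as "dropped-but-alive" matches the false positive described in the reply; only "service-down" would indicate an actual crash.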
