Rick Lutowski <[EMAIL PROTECTED]> (Do 04 Jan 2007 18:11:34 CET): > Graeme Fowler wrote: > > > > Renaud was using the telnet client application on his machine to talk to > > the Exim SMTP server on yours. There's no evidence of a telnet server > > existing on your server, but you can betcha someone would already have > > got you if there was :) > > Which is why telnet, ftp, etc is not running!
But qpopper (which had some security problems), and some other
applications which do not have to be secure per se.
> Is there any way to disable the kind of access he
> demonstrated without compromising normal exim
> operation?
I'm not sure if in Exim 3.x you could reject unknown users already at
SMTP time, but if you'd upgrade to Exim 4.x: you can.
(AFAIR Debians install script tries to convert the config, but I'm not
sure, so be prepared to be challenged :))
Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
signature.asc
Description: Digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
