Heiko Schlittermann wrote: > Rick Lutowski <[EMAIL PROTECTED]> (Do 04 Jan 2007 18:11:34 CET): > > Is there any way to disable the kind of access he > > demonstrated without compromising normal exim > > operation? > > I'm not sure if in Exim 3.x you could reject unknown users already at > SMTP time, but if you'd upgrade to Exim 4.x: you can. > (AFAIR Debians install script tries to convert the config, but I'm not > sure, so be prepared to be challenged :))
IIRC, Exim 3.x can reject unknown recipients at SMTP time, I forget the version but I do recall this. I was late on upgrading, but that was years ago! =) Given this, I'd highly recommend that he not place his SMTP server back online until he has a basic understanding of what is going on. Converting his current to v4.x config will pretty much give him the same vulnerability (This is an assumption, but, as stated, you shouldn't rely solely on convert script to generate a corretly working config) -- Lab tests show that use of micro$oft causes cancer in lab animals Got Gas??? -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
