On Mon, Dec 17, 2007 at 01:57:05PM +0000, Phill Wood said: > Hi All > > One of the servers we look after was recently "penetration tested" and they > could find very little wrong so they complained about silly things like it's > possible to see which users locally exist on the server through the answer > Exim provides to the RCPT command. > > Any way of stopping this happening? I honestly can't see that it's such a > big problem myself and it looks like Exim is behaving just as it should.
You can start tempfailing after a certain number of failed rcpt to's or something, but other than that, well , that's how smtp works. -- -------------------------------------------------------------------------- | Stephen Gran | Gumperson's Law: The probability of a | | [EMAIL PROTECTED] | given event occurring is inversely | | http://www.lobefin.net/~steve | proportional to its desirability. | -------------------------------------------------------------------------- -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
