|
FWIW I have been shocked NOT to have seen any
evidence described of scanning for this vulnerablity here, and I wonder if it's
because we changed our default Hello Message in advanced SMTP configuration such
that it no longer mention imail.
The default Imail response to the initial hello
message seems to be along the lines of
220 domain.com (IMail 8.22
xxxx-x) NT-ESMTP Server X1
And I wonder whether the scans are looking
for that "Imail" response before continuing their nefarious
tasks.
Not that this is a solution, but might help out
those of you who don't want to apply the 8.22 hotfix right
away.
|
- Re: [IMail Forum] Update for SMTP vulnerability in ... Evan Eggers
- RE: [IMail Forum] Update for SMTP vulnerabilit... Beach Computers
- RE: [IMail Forum] Update for SMTP vulnerab... Rick Klinge
- Re: [IMail Forum] Update for SMTP vulnerabilit... Bill Green dfn Systems
- Re: [IMail Forum] Update for SMTP vulnerab... Dave Doherty
- Re: [IMail Forum] Update for SMTP vuln... Dave Doherty
- RE: [IMail Forum] Update for SMTP ... Matrosity Hosting
- AW: [IMail Forum] Update for ... Martin Schaible
- RE: [IMail Forum] Update ... Matrosity Hosting
- RE: [IMail Forum] Upd... Rick Hogue
- RE: [IMail Forum] Upd... Matrosity Hosting
