>I have all the security things enabled, including no SMTP VRFY. Why is this >behavior allowed? hmmm, the tool doesn�t use the SMTP VRFY command? >I even tried the utility on ipswitch's server, and found >it also vulnerable. I personally think this is quite dangerous as this can >be exploited to extract the user list available on your server. yep http://www.glocksoft.com/?source=AATools >Any comments? how about you looking at your Imail logs and telling/showing us what this tool does with SMTP commands to uncover your account names. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
