This warning only applies if you were running sendmail, because there is a
vulnerability from sending a long HELO message. James doesn't have this
bug, so you're getting a false warning. (there's nothing in the HELO
command that could allow you to send a message.)
Serge Knystautas
Loki Technologies
http://www.lokitech.com/
----- Original Message -----
From: "Jacques Lema" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 26, 2001 8:33 AM
Subject: Security with HELO
> Hi, I just scanned my system running james 1.2.1...
>
> Warning is included below. Does this warning apply to james and if so how
> can I avoid that?
>
> Thanx
>
>
> Warning found on port smtp (25/tcp)
>
> The remote STMP server seems to allow remote users to
> send mail anonymously by providing a too long argument
> to the HELO command (more than 1024 chars).
>
> This problem may allow bad guys to send hate
> mail, or threatening mail using your server
> and keep their anonymity.
>
> Risk factor : Low.
>
> Solution : If you are using sendmail, upgrade to
> version 8.9.x. If you do not run sendmail, contact
> your vendor.
> CVE : CAN-1999-0098
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
