Miller, Dustin <[EMAIL PROTECTED]> wrote:
> Can't find this in the mailing list archives (perhaps I'm not searching well
> enough) but is EHLO really a security vulnerability in qmail?
No. All EHLO tells an attacker is your hostname, plus that you support
8BITMIME and PIPELINING.
> ISS reports that EHLO can be used by potential attackers.
Who is ISS? I think they're either badly mistaken or spreading FUD.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
