I have qmail 1.03, with tcpserver, vpopmail and qmailscanner and when I test my
network for vulnerabilities using
AXENT Netrecom 3.0 the following security results is displayed about my qmail server
SMTP allows remote command execution via recipient filter.
Description: Attackers can execute arbitrary shell commands by addressing e-mail to a
Note: If your SMTP software does not support filters, this is not a vulnerability.
if you are not sure if your SMTP
software supports filters, contact your vendor. This vulnerability aplies
primarily to UNIX systems.
Solution: Upgrade or replace your SMTP server, or verify that it does not support
Questions: Anybody know anything about this? Where can I get additional information
about this? This Results checks is True or false?
(Sorry by my poor english)
Agnaldo Mariano Monteiro