* Roger Goh gpro...@gmail.com:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
That is NOT a vulnerability.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
1. How can I disable EHLO and still send/receive mails?
2. Or is there a later version of postfix (let me know the
version) that addresses this or any patch to
1 more question:
if there's a way to disable EHLO or fixing it via a patch,
how do I verify (without running VA scan) that this EHLO
vulnerability has been fixed?
TIA
Roger
On May 3, 2011, at 8:42 AM, Roger Goh wrote:
1 more question:
if there's a way to disable EHLO or fixing it via a patch,
how do I verify (without running VA scan) that this EHLO
vulnerability has been fixed?
What vulnerability?! Who doesn't use EHLO?!?!
Perhaps you should use a
On 5/3/2011 10:34 AM, Roger Goh wrote:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
EHLO is not a security vulnerability, rather it is a standard
feature of SMTP (not just postfix, but all mail servers).
Am 03.05.2011 17:34, schrieb Roger Goh:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
where exactly is the security hole?
you should not trust the output of every tool blind without
try to understand
On May 3, 2011, at 8:49 AM, Reindl Harald wrote:
Am 03.05.2011 17:34, schrieb Roger Goh:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
where exactly is the security hole?
you should not trust the output of every tool blind
During a VA scan, it's reported that my postfix server has a security
vulnerability : EhloCheck: SMTP daemon supports EHLO
As Roger Klorese pointed out, there is an advertised, fuzzy vulnerability
advisory out there regarding EHLO. However, as Noel Jones indicated, EHLO
is a standard part of
Ok, ok, no offence intended.
Can we mitigate it somewhat like what Roger Klorese suggested,
eg: restrict the info EHLO reveals or don't reveal actual hostname :
smtp_helo_name ($myhostname)
Use a fictitious hostname to send in the SMTP EHLO or HELO
command ( how do I do
from the url Roger Klorese provided,
http://www.iss.net/security_center/reference/vuln/smtp-ehlo.htm
it says :
SMTP daemons that support Extended HELO (EHLO) can release information
that could be useful to an attacker in performing an attack. Attackers
have been known to use the EHLO command
Roger Goh:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
EHLO is required by the SMTP standard (RFC 5321).
Wietse
Can we mitigate it somewhat like what Roger Klorese suggested,
eg: restrict the info EHLO reveals or don't reveal actual hostname :
All the configuration items you mentioned are things that affect what
your Postfix will or won't do as a client talking to other servers.
These configuration
So what other 'vulnerable' configuration information EHLO reveals
how they can disabled/mitigated/fabricated ?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers might take
this as a challenge and try to exploit it in a
On Tue, May 03, 2011 at 10:00:58AM -0700, Rich Wales wrote:
So what other 'vulnerable' configuration information EHLO reveals
how they can disabled/mitigated/fabricated ?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers
-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Rich Wales
Sent: Tuesday, May 03, 2011 9:18 AM
To: postfix users
Subject: Re: security vulnerability : SMTP daemon supports EHLO
I can imagine that some hackers might
You may want to suppress the SIZE information . . . .
No, this is silly, one is better off advertising the maximum size
to avoid the vast majority unnecessary partial transmission of
overly large messages. An attacker can tie up SMTP server resources
whether the SIZE limit is known or not.
On Tue, May 03, 2011 at 11:15:57AM -0700, Rich Wales wrote:
A followup question. If I suppress the advertising of an extended
feature by listing it in smtpd_discard_ehlo_keywords, does that also
disable the feature? Or do I have to do other things to actually
turn a feature off and make it
Am 03.05.2011 19:00, schrieb Rich Wales:
So what other 'vulnerable' configuration information EHLO reveals
how they can disabled/mitigated/fabricated ?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers might take
this as
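
Added example, not part of any message in this thread: a way to answer the "how do I verify without running the VA scan" question and to check the effect of smtpd_discard_ehlo_keywords on what the server announces. It parses a captured EHLO reply and reports which keywords from a discard list are still advertised; the sample reply, the hostname and the function names are constructed for this example.

```python
import re

# Constructed sample reply (hostname and values invented for this example).
SAMPLE_REPLY = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-ETRN\r\n"
    "250-AUTH=PLAIN LOGIN\r\n"
    "250-8BITMIME\r\n"
    "250 DSN\r\n"
)

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo_reply(reply):
    """Return (greeting, {KEYWORD: [params]}) for a raw multi-line EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if m is None:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, sep, text = m.groups()
        if code != "250":
            raise ValueError("EHLO not accepted: %r" % line)
        # "250-" marks a continuation line, "250 " the last line.
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        texts.append(text)
    keywords = {}
    for text in texts[1:]:  # texts[0] is the server's greeting line
        name, _, rest = text.partition(" ")
        if "=" in name:  # legacy "AUTH=PLAIN LOGIN" form
            name, _, first = name.partition("=")
            rest = first + " " + rest
        if name:
            keywords[name.upper()] = rest.split()
    return texts[0], keywords

def still_advertised(reply, discard_list):
    """Keywords from discard_list that the reply still announces."""
    _, keywords = parse_ehlo_reply(reply)
    return sorted({k.upper() for k in discard_list} & set(keywords))
```

The check covers the announcement only: an empty result means the listed keywords no longer appear in the EHLO reply, not that the server would reject the corresponding commands.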