hi,

> > i recently ran a nessus (www.nessus.org) test against my xmail
> > machines... the following was discovered - dunno if you trust the tests
> > performed. (please notice that there are some duplicate messages
> > due to the way i ran nessus (enabled all plugins)).
> >
> > nevertheless i did a second nessus run with only the xmail test
> > module enabled (see apop/auth/user issue below) and 2 smtp tests
> > which deal with the helo issue... i got the same results (albeit 1 of the
> > vulnerabilities found each, not 4 :)
> >
> > could you please tell me your opinion on this davide ? i confess i do
> > not live very well with those results in mind.... if you need some info
> > about nessus (in case you never used it) i'll try to provide you with it...
> > thanks!
> 
> Ok, maybe this should go in a FAQ. These are bogus results because these
> software tools simply try to send looong lines to the server and XMail, when
> it detects not RFC conformant behavior, drops the connection. So these tools
> think that the server crashed and report the security hole. While XMail
> is still running healthy.

ok, then this should be sent to the creator of the respective nessus
module to remove such faulty reports. thanks!
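Added example, not part of the original thread and not XMail or Nessus code: a triage check for the situation described above, which repeats the over-long HELO and then opens a fresh connection to see whether the service still greets with a 220 banner. The loopback server, its `MAX_LINE` limit and all function names are constructed for illustration.

```python
import socket, socketserver, threading

MAX_LINE = 512  # assumed limit for the constructed server below, not XMail's real value

class StrictHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in: greets, then closes on an over-long command line."""
    def handle(self):
        self.wfile.write(b"220 test.invalid ready\r\n")
        while True:
            line = self.rfile.readline(MAX_LINE + 1)
            if not line or len(line) > MAX_LINE:
                return  # drop this connection only; the server keeps listening
            self.wfile.write(b"250 ok\r\n")

def start_server():
    """Start the constructed server on a free loopback port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StrictHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def banner_ok(host, port, timeout=3.0):
    """True if a fresh connection is still greeted with a 220 banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(512).startswith(b"220")
    except OSError:
        return False

def triage(host, port, length=4096, timeout=3.0):
    """Repeat the over-long HELO, then test liveness on a new connection."""
    dropped = False
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(512)  # greeting
            s.sendall(b"HELO " + b"a" * length + b"\r\n")
            dropped = s.recv(512) == b""  # clean close by the server
    except OSError:
        dropped = True  # reset, refusal or timeout is treated as a drop
    if not banner_ok(host, port, timeout):
        return "service down"
    return "false positive" if dropped else "line accepted"

if __name__ == "__main__":
    srv = start_server()
    print(triage(*srv.server_address))
    srv.shutdown(); srv.server_close()
```

A "false positive" verdict means the connection was dropped while the listener kept answering; only "service down" matches what the scanner reported.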