Hi list!

I'm installing a new server and I installed Exim 4.88 (as I wrote yesterday. BTW: problem solved, thanks!).

The server is almost ready, so I used OpenVAS to check it and discover whether I forgot some security issue. OpenVAS said that Exim supports VRFY and EXPN and that this might be a security issue. It suggests disabling them if I don't really need them.

Well, I must say that I'm really not sure IF I need them or not... I'm also not sure whether they are enabled, since I can't see them in the EHLO answer, and trying to verify an address results in:

    VRFY [email protected]
    252 Administrative prohibition

The same for EXPN.

So, now the question(s):

1) Are these commands enabled? I'd say not, if I understand the answer... I don't have any smtp_verify or smtp_expn_hosts in my configure.
2) Do I need them? I think not, but I'd like to know what might stop working if I disable them (if they are enabled...).
3) If they are not enabled, could someone explain to me WHY OpenVAS says "The Mailserver on this host answers to VRFY and/or EXPN requests."?

Thanks
Luca Bertoncello
([email protected])
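An added example, not part of the original post: a small Python check that reads an SMTP session transcript and reports whether EHLO advertises VRFY/EXPN and what each VRFY/EXPN reply code gives away, using the RFC 5321 reply-code meanings. The names `audit` and `VERDICTS`, the `C: `/`S: ` transcript format and the sample session (modelled on the 252 reply quoted above, with placeholder hosts and addresses) are assumptions made for this example.

```python
import re

# What each reply code to VRFY/EXPN tells the client (RFC 5321 semantics).
VERDICTS = {
    250: "discloses",   # address confirmed / list expanded
    251: "discloses",   # user not local, forwarding path revealed
    252: "refused",     # "cannot VRFY": command recognised, nothing verified
    500: "disabled",    # command unrecognised
    502: "disabled",    # command not implemented
    550: "negative",    # address rejected; leaks only if valid names answer differently
}
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def audit(transcript):
    """Pair each client command in a 'C: '/'S: ' transcript with its reply and
    report what EHLO advertises and what VRFY/EXPN actually give away."""
    result = {"advertised": set(), "probes": []}
    command, text = None, []
    for line in transcript.strip().splitlines():
        side, _, payload = line.strip().partition(": ")
        if side == "C":
            command, text = payload, []
            continue
        m = REPLY.match(payload)
        if not m or command is None:
            continue
        code, sep, rest = int(m.group(1)), m.group(2), m.group(3)
        text.append(rest)
        if sep == "-":                      # continuation of a multi-line reply
            continue
        verb = command.split()[0].upper()
        if verb == "EHLO":                  # first line is the greeting, the rest are keywords
            keywords = {t.split()[0].upper() for t in text[1:] if t}
            result["advertised"] = keywords & {"VRFY", "EXPN"}
        elif verb in ("VRFY", "EXPN"):
            result["probes"].append((verb, code, VERDICTS.get(code, "unknown")))
        command = None
    return result

# Constructed session; hosts and addresses are placeholders.
SAMPLE = """
C: EHLO scanner.example
S: 250-mail.example.org Hello scanner.example
S: 250 HELP
C: VRFY user@example.org
S: 252 Administrative prohibition
C: EXPN staff
S: 252 Administrative prohibition
"""
```

Calling `audit(SAMPLE)` returns an empty `advertised` set and two probes classified as `refused`: the server replies to both commands, but a 252 reply confirms nothing about the address.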
