Hi! > Heiko Schlittermann <[email protected]> schrieb: > > > > http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_processing.html#SECID237
> > > First, maybe you can write some words, too, isn't it? :) > > Why. If the answer is given already? > > Politeness? ;) There are very few people having the time to answer questions, don't take terseness as unpolitness 8-} > Or maybe because maybe the person with the problem is not sure about the > meaning of the page? Maybe, but guessing takes time, too 8-) > > > Then to my problem... > > > OK, now I know why Exim answer the commands and that they are NOT enabled. > > > > > > Am I right to say that there are NO security issue in my Exim (4.88) > > > regarding VRFY and EXPN? > > > > Yes. There is no security issue in Exim at all, if you configure it > > right or if you use the default example configuration. All other > > Well, I would NOT be so sure... > If Exim has no security issue at all it's not needed to develop it forward... Don't be so pedantic 8-) 4.88 was just released, so we're all happy and think we have all bases covered. > > security issues are due to configuration errors. (Thus you *can* run > > commands on VRFY or EXPN via acl expansions. This *can* create security > > issues.) > > Could you please explain your last sentence? I really don't understand it... Well, in theory you can execute any kind of command if you set some acl_smtp_vrfy/expn, even insecure commands -- so nobody is save from shooting one's foot if one configures things like that. -- [email protected] +49 171 3101372 3 years to go ! -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
