On 03.05.2011 17:34, Roger Goh wrote:
> Hi,
>
> During a VA scan, it's reported that my postfix server has
> a security vulnerability :
>
> EhloCheck: SMTP daemon supports EHLO

Where exactly is the security hole?

You should not trust the output of every tool blindly without trying to understand what the output means.

EHLO is a part of ESMTP
____________________

http://en.wikipedia.org/wiki/ESMTP

Some relatively common keywords (not all of them corresponding to commands) used today are:

* 8BITMIME — 8 bit data transmission, RFC 6152
* ATRN — Authenticated TURN for On-Demand Mail Relay, RFC 2645
* SMTP-AUTH — Authenticated SMTP, RFC 4954
* CHUNKING — Chunking, RFC 3030
* DSN — Delivery status notification, RFC 3461 (See Variable envelope return path)
* ETRN — Extended version of remote message queue starting command TURN, RFC 1985
* HELP — Supply helpful information, RFC 821
* PIPELINING — Command pipelining, RFC 2920
* SIZE — Message size declaration, RFC 1870
* STARTTLS — Transport layer security, RFC 3207 (2002)
* UTF8SMTP — Allow UTF-8 encoding in mailbox names and header fields, RFC 5336
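
An added example, not part of the original thread: a parser for the multi-line reply a server sends to EHLO, which yields the advertised ESMTP keywords that a scan finding like this should be assessed against. The sample reply, the host name mail.example.org and the function name are constructed for illustration.

```python
import re

# Constructed sample: a multi-line reply to EHLO, as a server might send it.
SAMPLE_REPLY = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-ETRN\r\n"
    "250-STARTTLS\r\n"
    "250-8BITMIME\r\n"
    "250 DSN\r\n"
)

# Reply line: three-digit code, "-" (more lines follow) or " " (last line), text.
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo_reply(raw):
    """Return (greeting_domain, {KEYWORD: [params]}) from an EHLO reply.

    Raises ValueError if the reply is malformed or is not a 250 success,
    for example a server without ESMTP support answering 500 or 502.
    """
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l]
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise ValueError(f"EHLO not accepted: {code} {text}")
        # Only the final line may use the space separator.
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation markers inconsistent")
        texts.append(text)
    first = texts[0].split()
    domain = first[0] if first else ""
    extensions = {}
    for text in texts[1:]:
        parts = text.split()
        if parts:
            # Keywords are case-insensitive; the rest are parameters.
            extensions[parts[0].upper()] = parts[1:]
    return domain, extensions
```
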