Sendmail : security problem ?

To: "debian's developers" <debian-devel@lists.debian.org>
Subject: Sendmail : security problem ?
From: Thierry Laronde <thierry.laronde@polynum.com>
Date: Sun, 22 Oct 2000 18:06:07 +0200
Message-id: <20001022180607.A7083@polynum.com>

Hello,

By default, the sendmail.cf sets PrivacyOptions to authwarnings only,
allowing one to telnet to port 25 and use SMTP commands VRFY and EXPN to
find user names, or to expand list aliases.

IMHO, default should be "goaway" (if we don't want this for finger, why
allowing it via SMTP ?).

A+
-- 
Thierry LARONDE <thierry.laronde@polynum.com>
10, rue du Bel Air, 74000 ANNECY - FRANCE/ Tel : 33.(0)4.50.67.46.61
/home du SDF (Site Debian Francophone) : http://www.polynum.com/sdf/

Reply to:

Prev by Date: Re: gpg failes to sign files on dpkg-buildpackage
Next by Date: Re: Helix debian packages
Previous by thread: Re: gpg failes to sign files on dpkg-buildpackage
Next by thread: sgml-tools, sgmltools : latter not in Packages.gz ?
Index(es):
- Date
- Thread