.. but that is not really amavis-related. You might have other users that have guessable passwords as well. Running an unrestricted sshd is a big hole per se; The least everybody should do is to restrict the allowed users and disallow direct root login. Furthermore the user list should periodically be checked for well-known usernamens like admin, test etc. These should be disabled and for all necessary users like amavis or vscan it must be ensured that a direct login is not possible. The important thing is to actually prove the impossibility- some time ago I had a case where I put sshd restrictions in one config file and sshd was reading another one...
Jakob Curdes ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
