On Sat, Jun 03, 2000 at 04:09:21AM +0000, Jim Breton wrote:
> On Fri, Jun 02, 2000 at 10:58:51PM -0500, Bob Waskosky wrote:
> > Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false
>positive because I,m scanning myself? Any ideas how to fix this?
>
>
> I believe Nessus (correct me if I'm wrong) is trying to send a mail
> message to a program like this:
>
> rcpt to: | programname
>
> in which case qmail doesn't handle it specially, it is probably getting
> picked up by your .qmail-default in ~alias (or getting bounced, if you
> don't have one).
>
Is this a hole and how would I plug it?
Thanks
--
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
-----------------------------------------------------