RobMcL
1
I’m getting a returned vulnerability on my own GCE VM.
Check if Mailserver answer to VRFY and EXPN requests
Some questions about this:
- why is the server listening for incoming mail? I can understand sending main but I don’t understand why it would receive SMTP mail.
- how to I fix this? can I simply turn off postfix? can I add the line to the main.cf that the scan comes back with as a recommendation?
For postfix add ‘disable_vrfy_command=yes’ in ‘main.cf’.
RobMcL
2
Following up to see what I can do about this. Anything?
Martin
3
We will release an updated version of the GCE with a fix for this soon. I will post a notification here once it is available.
2 Likes
Martin
5
The Greenbone Community Edition with Greenbone OS 5.0.12 has now been released and includes the mentioned fix:
3 Likes
RobMcL
6
Thanks @Martin. I have installed the latest version and can confirm this is no longer coming up as a vulnerability.
1 Like