
Security Metrics PCI compliance - Exim fails test.

Discussion in 'E-mail Discussions' started by jols, Oct 8, 2008.

  1. jols

    jols Active Member

    Joined:
    Mar 13, 2004
    Messages:
    1,098
    Likes Received:
    2
    Trophy Points:
    38
    This one is driving me crazy. I've absolutely looked at everything, updated everything, checked everything, etc. But still, the last three security scans from Security Metrics return this failure:

    -------
    The remote host is running a version of the Exim MTA which is vulnerable to several remote buffer overflows. Specifically, if either 'headers_check_syntax' or 'sender_verify = true' is in the exim.conf file, then a remote attacker may be able to execute a classic stack-based overflow and gain inappropriate access to the machine. *** If you are running checks with safe_checks enabled, this may be a false positive as only banners were used to assess the risk! *** It is known that Exim 3.35 and 4.32 are vulnerable. Solution: Upgrade to Exim latest version Risk Factor: High
    -------

    -- YES - We do indeed have the latest version of Exim installed (see the version readout below).

    -- YES - The following are not found in any of our configuration files for Exim: headers_check_syntax, sender_verify and also by-the-way safe_checks (This is logical, because these variables probably only apply to former versions of Exim.)

    Here's the latest exim -bV readout:

    ---------------------------------------------
    Exim version 4.69 #1 built 10-Jun-2008 11:34:56
    Copyright (c) University of Cambridge 2006
    Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 12, 2006)
    Support for: crypteq iconv() PAM Perl OpenSSL Content_Scanning Old_Demime Experimental_SPF Experimental_SRS Experimental_DomainKeys Experimental_DKIM
    Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz
    Authenticators: cram_md5 plaintext spa
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir autoreply pipe smtp
    Size of off_t: 8
    Configuration file is /etc/exim.conf
    ---------------------------------------------

    Anyone know what could possibly be going on here?

    Thanks very much!
     
  2. SB-Nick

    SB-Nick Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    It looks like a false positive from your PCI compliance company; I suggest you contact them and request that they perform a manual PCI compliance scan for that vulnerability in particular.
     
  3. procam

    procam Member

    Joined:
    Nov 24, 2003
    Messages:
    130
    Likes Received:
    0
    Trophy Points:
    16
    For those rushing to comply before the deadline: if this is your only issue (the Exim false positive), most likely you will not be able to get a reply from Security Metrics by email or phone, as I was unable to for the past few weeks. Simply shut down Exim and rerun the test; after you are cleared, print the test and fax it in, then restart Exim. Easier than spending days trying to reach these fools that won't answer the phone or email for manual approval.
     
  4. jen@draknet

    jen@draknet New Member

    Joined:
    Oct 29, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Weird - I had no problem getting them on the phone, and no problem passing the PCI compliance, either.

    The only part I failed was that the VBulletin login on my forum wasn't encrypted which, in and of itself, appears to have bloody nothing to do with credit card security but, hey, whatever floats their boat. :D
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
  6. innsites

    innsites Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    PCI & Exim (securitymetrics)

    My last holdup on being certified was the Exim risk factor. If you are running 4.69 and do not have 'headers_check_syntax' or 'sender_verify = true' in exim.conf, the only way to get certified with SecurityMetrics was to call tech support and forward a copy of the exim -bV results to the tech by email. THAT SAID, the tech I spoke with today said they would REDUCE the risk factor for this particular vulnerability so that it would not be a holdup to certification in the future.

    ALL SET. PCI Certification on cPanel complete.

    KTC
    http://siteworks.com
     
  7. brejman

    brejman New Member

    Joined:
    Apr 16, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Had the same problem; changed two things at the same time, so not sure exactly which one fixed that issue. It worked, so I didn't care to test individually... lol

    1. WHM >> Security Center >> SMTP Tweak: enable that

    2. On the domain/host you gave to SM, make sure under cPanel >> Default Address that all unrouted mail is set to fail with a message

    I originally had mine set to black hole. What the PCI scanner is looking for is the error message a mail server gives if there is no such user; if you have it set to black hole, it assumes it is relaying mail, but in fact it really isn't...

    I actually had that error message plus a few more; I changed these two settings and all the Exim mail server issues (I had) with the Security Metrics PCI scanner were resolved.
     
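The behaviour brejman describes, as an added example that is not from the thread, cPanel or Exim: a probe that sends RCPT TO for a mailbox that should not exist and classifies the reply (5xx = unrouted mail fails, as the scanner expects; 2xx = black hole or catch-all, which a banner-and-dialogue scanner cannot tell from relaying), paired with a constructed fake Exim-style MTA so the whole exchange runs offline. The hostnames, addresses and the fake server are made up for this example.

```python
import smtplib
import socket
import threading


def rcpt_verdict(code: int) -> str:
    """Classify the RCPT TO reply for an address that should not exist."""
    if 500 <= code < 600:
        return "rejected"   # unrouted mail fails: what the PCI scanner wants to see
    if 200 <= code < 300:
        return "accepted"   # black hole / catch-all: indistinguishable from relaying
    return "deferred"       # 4xx (greylisting, temporary failure): rerun the probe later


def probe_unknown_rcpt(host: str, port: int, sender: str, bogus_rcpt: str) -> str:
    """Run the MAIL/RCPT dialogue against your own MTA and stop before DATA."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo("probe.example")          # hypothetical probe hostname
        s.mail(sender)
        code, _ = s.rcpt(bogus_rcpt)
        s.rset()                         # abandon the transaction; nothing is sent
        return rcpt_verdict(code)


def fake_mta(mode: str) -> int:
    """Constructed stand-in for an Exim 4.69 host; mode is 'fail' or 'blackhole'."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        conn.sendall(b"220 mail.example ESMTP Exim 4.69\r\n")   # banner only, no version tells
        for raw in conn.makefile("rb"):
            line = raw.decode(errors="replace").strip().upper()
            if line.startswith(("EHLO", "HELO")):
                conn.sendall(b"250 mail.example\r\n")
            elif line.startswith("RCPT TO"):
                reply = b"550 Unrouteable address\r\n" if mode == "fail" else b"250 Accepted\r\n"
                conn.sendall(reply)
            elif line.startswith("QUIT"):
                conn.sendall(b"221 Bye\r\n")
                break
            else:
                conn.sendall(b"250 OK\r\n")  # MAIL FROM, RSET, NOOP
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Point `probe_unknown_rcpt` at your own server with a deliberately nonexistent local address; "accepted" is the state the scanner flags, "rejected" is the "fail with a message" setting.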
