I had a security audit done on my server. I’m unsure about a couple of items.
- smtp (25/tcp)
The remote SMTP server is insufficiently protected against relaying
This means that spammers might be able to use your mail server to send their mails to the world.
Nessus was able to relay mails by sending those sequences:
MAIL FROM: <firstname.lastname@example.org>
RCPT TO: <nobody%security*****.com@[xxx.xxx.xxx.xxx]>
Risk factor : Medium
Solution : upgrade your software or improve the configuration so that your SMTP server cannot be used as a relay any more.
Does this sound right? If so, how is SMTP secured?
- imap2 (143/tcp)
The remote host is running Remote PC Access Server. This service could be used by an attacker to partially take control of the remote system if they obtain the credentials necessary to log in (through a brute force attack or by sniffing the network, as this protocol transmits usernames and passwords in plain text). An attacker may use it to steal your password or prevent your system from working properly.
Solution : Disable this service if you do not use it.
Risk factor : Medium
My server is RHEL ES3 (Linux). Does this make sense?
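
An added example, not part of the original post and not Nessus's own check: the `RCPT TO` in the finding hides a remote domain inside the local part (`user%remote@[server-ip]`), so a relay policy has to unwrap the address before deciding whether the recipient is local. The sketch below shows that decision in Python; the function names, `example.org`, `192.0.2.10` and the sample recipients are constructed assumptions.

```python
# Added example: all names and sample values below are constructed.
LOCAL_DOMAINS = {"example.org"}      # assumed: domains this server accepts mail for
LOCAL_LITERALS = {"[192.0.2.10]"}    # assumed: the server's own address literal


def is_local(domain):
    return domain in LOCAL_DOMAINS or domain in LOCAL_LITERALS


def final_destination(rcpt):
    """Return the non-local domain the mail would end up at, or None if local."""
    addr = rcpt.strip().strip("<>").lower()
    if addr.startswith("@") and ":" in addr:      # source route: @hop:user@dom
        addr = addr.split(":", 1)[1]
    for _ in range(10):                           # bounded unwrapping of nested hops
        local, sep, domain = addr.rpartition("@")
        if not sep:
            return None                           # no domain part: local mailbox
        if not is_local(domain):
            return domain
        if "%" in local:                          # percent hack: user%dest@us
            user, _, hidden = local.rpartition("%")
        elif "!" in local:                        # bang path: dest!user@us
            hidden, _, user = local.partition("!")
        else:
            return None                           # plain local recipient
        addr = f"{user}@{hidden}"
    return addr.rpartition("@")[2]                # nested too deeply: fail closed


def should_reject(rcpt, client_trusted=False):
    """Only trusted (local network or authenticated) clients may reach remote domains."""
    return not client_trusted and final_destination(rcpt) is not None


if __name__ == "__main__":
    samples = [                                   # constructed RCPT TO arguments
        "<alice@example.org>",
        "<nobody%security-test.example@[192.0.2.10]>",
        "<security-test.example!nobody@example.org>",
        "<@example.org:bob@other.example>",
    ]
    for rcpt in samples:
        verdict = "REJECT" if should_reject(rcpt) else "accept"
        print(f"{verdict:6} {rcpt} -> {final_destination(rcpt)}")
```

A server that only compares the text after the last `@` with its own names accepts the second sample as local and then forwards it, which is the behaviour the scan reported.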