I had a security audit done on my server. I’m unsure about a couple of items.
- smtp (25/tcp)
The remote SMTP server is insufficiently protected against relaying
This means that spammers might be able to use your mail server
to send their mails to the world.
Nessus was able to relay mails by sending those sequences:
MAIL FROM: <nessus@www.domain.net>
RCPT TO: <nobody%security*****.com@[xxx.xxx.xxx.xxx]>
Risk factor : Medium
Solution : upgrade your software or improve the configuration so that
your SMTP server cannot be used as a relay any more.
Does this sound right? If so, how is SMTP secured?
- imap2 (143/tcp)
The remote host is running Remote PC Access Server.
This service could be used by an attacker to partially take control of the remote
system if they obtain the credentials necessary to log in (through a brute force
attack or by sniffing the network, as this protocol transmits usernames and
passwords in plain text).
An attacker may use it to steal your password or prevent your system from working
properly.
Solution : Disable this service if you do not use it.
Risk factor : Medium
My server is RHEL ES3 (Linux). Does this make sense?
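
Added example, not part of the original post: the relay finding above turns on how the server handles a recipient of the form `user%otherdomain@[server-ip]`, where the part before `%` is re-routed after the local address is accepted. The Python below shows a RCPT TO policy check that refuses that form and plain third-party relaying; `LOCAL_DOMAINS`, `LOCAL_LITERALS`, the function names and the sample addresses are constructed placeholders, not values from the audit.

```python
import re

# Assumed configuration (constructed placeholder values).
LOCAL_DOMAINS = {"domain.example"}   # domains this server accepts mail for
LOCAL_LITERALS = {"[192.0.2.10]"}    # the server's own address literal

RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]*)>", re.IGNORECASE)

def parse_rcpt(line):
    """Return the address inside 'RCPT TO:<...>', or None if malformed."""
    m = RCPT_RE.match(line.strip())
    return m.group(1) if m else None

def relay_decision(rcpt_line, authenticated=False):
    """Return (accept, reason) for one RCPT TO command."""
    addr = parse_rcpt(rcpt_line)
    if not addr or "@" not in addr:
        return (False, "malformed recipient")
    if addr.startswith("@"):
        # Old-style source route: "@hop1,@hop2:user@final"
        return (False, "source route")
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    is_local = domain in LOCAL_DOMAINS or domain in LOCAL_LITERALS
    if not is_local:
        # Mail for someone else's domain: only for authenticated clients.
        if authenticated:
            return (True, "relay for authenticated client")
        return (False, "relaying denied")
    # The domain is ours, but routing characters in the local part
    # ("%" percent hack, "!" bang path, nested "@") would make the
    # server forward the message elsewhere after accepting it.
    if any(c in local for c in "%!@"):
        return (False, "routing characters in local part")
    return (True, "local delivery")

# Constructed sample commands, modelled on the shape of the scanner's probe.
SAMPLES = [
    "RCPT TO: <nobody%remote.example@[192.0.2.10]>",
    "RCPT TO:<user@domain.example>",
    "RCPT TO:<someone@remote.example>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", relay_decision(s))
```
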