4.12 Email Security Concerns

By default, Messaging Server enables four private commands called XADR, which returns information about how an address is routed internally by the MTA as well as general channel information, XCIR, which returns MTA circuit check information, XGEN, which returns status information about whether a compiled configuration and compiled character set are in use, and XSTA, which returns status information about the number of messages processed and currently in the MTA channel queues. Releasing such information may constitute a breach of security for some sites.

Sites may wish to disable these commands for the tcp_local channel by by adding the following lines to the file tcp_local_options, creating it if necessary.

DISABLE_ADDRESS=1
DISABLE_CIRCUIT=1
DISABLE_STATUS=1
DISABLE_GENERAL=1
.

Previous: 4.11 Setting a Failover LDAP Server
Next: Chapter 5 Configuring POP, IMAP, and HTTP Services