Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Help Please!! PCI Test Failed due to Mail Relay via POP User
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
nooby210
n00b
n00b


Joined: 08 Jun 2011
Posts: 6

PostPosted: Wed Jun 08, 2011 10:20 pm    Post subject: Help Please!! PCI Test Failed due to Mail Relay via POP User Reply with quote

Hello everyone,

I recently just failed a PCI Compliant test because of an e-mail issue. The results were (Mail Relay via POP User) anyone have any idea of how to fix this Relay issue?? any help would be greatly appreciated.

Thanks A Million.




-Brady
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

PostPosted: Thu Jun 09, 2011 12:13 am    Post subject: Reply with quote

Hello nooby210,

Are you a Markov chain spambot?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
Carnildo
Guru
Guru


Joined: 17 Jun 2004
Posts: 594

PostPosted: Thu Jun 09, 2011 1:40 am    Post subject: Reply with quote

I don't think a Markov-chain spambot could have come up with such a coherent question.

nooby210 is saying that they failed a PCI compliance test because they've got an inadequately secured email server on their network. Without knowing what software they're using and how it's configured, there's no way to answer their question.
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

PostPosted: Thu Jun 09, 2011 1:45 am    Post subject: Reply with quote

Well, you see, I'm originally from that industry, have taken payment terminals through PCI (formerly Visa PED) certification, and I don't think the question is particularly coherent, especially in this venue. :wink:

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
nooby210
n00b
n00b


Joined: 08 Jun 2011
Posts: 6

PostPosted: Thu Jun 09, 2011 2:28 am    Post subject: Reply with quote

NO I am not a markov-chain spambot haha I don't even know what that is. anyway. I am running a windows 2008 server and a linux gentoo server as my domain controller. I am the IT guy for this company that I work for. we do manufacturing. anyways we do alot of big sales and so we have to have a PCI check done every month or so. well this time it failed. I am using Squirrel mail if that helps. I guess that would be our mail server. sorry for the confusion. I am not a hacker or anything weird.


Thanks

-Brady
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

PostPosted: Thu Jun 09, 2011 2:30 am    Post subject: Reply with quote

Are you saying that you failed an audit? If so, the auditors will have given you some specific guidance on the issue and what you need to do to get into compliance. And, just so we're on the same page here, when you say "PCI", are you talking about Payment Card Industry?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
nooby210
n00b
n00b


Joined: 08 Jun 2011
Posts: 6

PostPosted: Thu Jun 09, 2011 12:53 pm    Post subject: Reply with quote

Yeah I'm pretty sure that's what it means. the bank does one on us every so often. They did give me information about it but it hasn't been very helpful. this is what is says (Mail Relay via POP User) this mail server appears to allow user authenticated through a POP Connection to send email from their local IP address. An attacker may be able to successfully alter the mail log file for this server to enable unauthorized mail relays) and then this is how it says to fix it supposedly. ( this vulnerability is known to affect the poprelayd code associated with Cobalt RaQ servers. Check with your mail server vendor to validate this vulnerability and to check for any patches which may be available.

Thats what I got but it doesn't seem to help me out very much. I have looked into the courier config on my gentoo server and I do no see any POP enabled so I am at a stop.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum