Security note for exim and MySQL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Just in case, I noticed from the documentation of vmail-sql, and
exim's setup:

    mysql_servers = host/user/pass

This alone is insecure, and should be prepended with the hide
directive to look more like:

    hide mysql_servers = host/user/pass

This will hide that from even just running exim -bP, which any user
could normally run, regardless of whether they have read access to the conf
file of exim.
- ---
Eric Renfro - Myrddin Computers & Designs
CEO/President
(713) 595-2104 ext. 2261
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: -- Psi-Jack <Encrypting the Net/Securely>
iQA/AwUBO+7VQLdZW96NGwakEQL7UgCaAuS9JM92SI62Wgwt/YkQNZoCJjAAn02j
82maFoTAOU/zHGop+iydf9HN
=gXnx
-----END PGP SIGNATURE-----
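
An added example, not part of the original message: a small Python audit that reads the main section of an Exim configuration and reports credential-bearing options set without the `hide` prefix. It goes beyond the message's `mysql_servers` to also check `pgsql_servers` and `oracle_servers`; the function names and the sample configuration, including its placeholder values, are constructed for illustration.

```python
import re

# Main-section options whose values embed database credentials.
# mysql_servers is the one named in the message; the other two are
# Exim's equivalents for PostgreSQL and Oracle lookups.
CREDENTIAL_OPTIONS = {"mysql_servers", "pgsql_servers", "oracle_servers"}
OPTION_RE = re.compile(r"^(hide\s+)?([a-z][a-z0-9_]*)\s*=")

# Constructed sample configuration; hosts and passwords are placeholders.
SAMPLE = """\
# main section
primary_hostname = mail.example.test
mysql_servers = localhost/vmail/exim/PLACEHOLDER
hide pgsql_servers = localhost/vmail/exim/PLACEHOLDER : \\
                     db2.example.test/vmail/exim/PLACEHOLDER
begin acl
"""

def logical_lines(text):
    """Yield (first_line_no, line), joining backslash continuations
    and skipping blank lines and # comments."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None
    if start is not None:
        yield start, buf

def unhidden_credentials(text):
    """Return [(line_no, option)] for credential options lacking 'hide'."""
    findings = []
    for no, line in logical_lines(text):
        if re.match(r"begin\s+\w+", line):  # main section ends here
            break
        m = OPTION_RE.match(line)
        if m and m.group(2) in CREDENTIAL_OPTIONS and not m.group(1):
            findings.append((no, m.group(2)))
    return findings

if __name__ == "__main__":
    for no, opt in unhidden_credentials(SAMPLE):
        print(f"line {no}: {opt} is readable via 'exim -bP'; prefix it with 'hide'")
```
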