1

Topic: Security issues

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
1.3.1
- Deployed with iRedMail Easy or the downloadable installer?
Download
- Linux/BSD distribution name and version:
ubuntu 18:04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
Mysql
- Web server (Apache or Nginx):
NGINX
- Manage mail accounts with iRedAdmin-Pro?
No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
No
====

I realise this is a Postfix issue, but just throwing it out here please.

When running the security scans the bank demands, it fails with the below:


Title:
Banner Based Vulnerabilities for Postfix smtpd
Impact:
One or more vulnerabilities have been found that affect this service. Please see the relevant CVEs for more details.
Resolution:
Apply the latest vendor patches to the Postfix smtpd service running on port 25.
6.9
Data Received:
cpe:/a:postfix:postfix
CVE              Score   Vector
CVE-2009-2939    6.9     AV:L/AC:M/Au:N/C:C/I:C/A:C
CVE-2008-4977    6.9     AV:L/AC:M/Au:N/C:C/I:C/A:C
CVE-2011-1720    6.8     AV:N/AC:M/Au:N/C:P/I:P/A:P
CVE-2011-0411    6.8     AV:N/AC:M/Au:N/C:P/I:P/A:P
CVE-2012-0811    6.5     AV:N/AC:L/Au:S/C:P/I:P/A:P
CVE-2008-2936    6.2     AV:L/AC:H/Au:N/C:C/I:C/A:C
CVE-2020-12063   5.0     AV:N/AC:L/Au:N/C:N/I:P/A:N
CVE-2017-10140   4.6     AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2008-3889    2.1     AV:L/AC:L/Au:N/C:N/I:N/A:P
CVE-2008-2937    1.9     AV:L/AC:M/Au:N/C:P/I:N/A:N


2

Re: Security issues

william_jmr wrote:

- Linux/BSD distribution name and version:
ubuntu 18:04 LTS

Try to upgrade Postfix packages with "apt". If Ubuntu doesn't offer newer packages with these CVEs fixed, push them please.
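
An added example, not part of the original thread: a Python script that takes the CVE/vector pairs from the scan output in the first post, recomputes each CVSS v2 base score from its vector, and separates the findings with a network access vector (AV:N) from the rest, as a way to order the follow-up checks after upgrading. The function names are this example's own; the CVE IDs and vectors are copied from the report.

```python
# Added example. Weights are the published CVSS v2 base-metric values.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}

# CVE / vector pairs copied from the scan output in the first post.
FINDINGS = {
    "CVE-2009-2939": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
    "CVE-2008-4977": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
    "CVE-2011-1720": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "CVE-2011-0411": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "CVE-2012-0811": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "CVE-2008-2936": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
    "CVE-2020-12063": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "CVE-2017-10140": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
    "CVE-2008-3889": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
    "CVE-2008-2937": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
}

def parse_vector(vector):
    """Split 'AV:L/AC:M/...' into a dict; raise ValueError if malformed."""
    parts = dict(item.split(":", 1) for item in vector.split("/"))
    if set(parts) != {"AV", "AC", "Au", "C", "I", "A"}:
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    return parts

def base_score(vector):
    """Recompute the CVSS v2 base score from its vector."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f, 1)

def triage(findings):
    """Return (network, other) lists of (cve, score), highest score first."""
    network, other = [], []
    for cve, vector in findings.items():
        bucket = network if parse_vector(vector)["AV"] == "N" else other
        bucket.append((cve, base_score(vector)))
    by_score = lambda item: -item[1]
    return sorted(network, key=by_score), sorted(other, key=by_score)

if __name__ == "__main__":
    for label, rows in zip(("network (AV:N)", "local/adjacent"), triage(FINDINGS)):
        for cve, score in rows:
            print(f"{label:<16} {cve:<15} {score}")
```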