Imail 8.13 - known DoS vulnerabilities?

[Jeff <secfocus () bedrox com>]

While running periodic NeWT (nessus) scans against several Imail 8.x servers
I manage, I've noticed that when set to run all filters (including the
"dangerous" ones), the Imail SMTP service crashes.  I've included a few
snippets from the report below.

I've grown to really like Imail, but it seems like a trivial matter to
commit a Denial of Service if the SMTP service is so fragile.  Microsoft's
SMTP server withstands the same abuse without flinching.

Any thoughts or comments


--------------------------------
The remote SMTP server crashes when it is send a command 
with a too long argument.

A cracker might use this flaw to kill this service or worse,
execute arbitrary code on your server.

Solution : upgrade your MTA or change it.

Risk factor : High

Plugin ID : 11772
--------------------------------
The remote POP3 server might be vulnerable to a buffer overflow 
bug when it is issued at least one of these commands, with a too long 
argument :

auth
user
pass

If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.
<..snip..>

Plugin ID : 10184
--------------------------------