I scaned my redhat linux 8 with xscan 1.3 , it told me that there was a smtp securiy leak .
these users' username and password are same.

such as : admin
webmaster
data
user
web
oracle
sybase
master
backup

and so on , what can I do for this? Can I delete these users?
My linux provides www email ftp service for my company.

Please give me some advice ,thanks a lot!

Those users are "useful" if you have the associated applications installed. They're typically used to run those apps as non-root. I've never used xscan so I don't know whether it was simply detecting an open port or detecting a vulnerability in the smtp application. You may need to dig into that one. If you don't need them (ie oracle), then whack them.

On a side note, I once worked for a company that hired an outside firm to do a "security audit". Their report noted that one of our servers was vulnerable because port 25 was open. Umm, yeah, it was our smtp gateway. When asked how they determined it be be vulnerability, they replied that they had a "highly specialized network detection tool" which later turned out to be some cheesy Windows-based port scanner.

hehe , thanks stickman . I thought the "security hole" is not the real one too .

thanks a lot