[9816] in bugtraq
[maex-qmail@Space.Net: new "attack" scheme]
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Fri Mar 5 11:42:04 1999
Mail-Followup-To: Netspace Bugtraq <BUGTRAQ@NETSPACE.ORG>
Date: Fri, 5 Mar 1999 08:02:49 +0100
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@NETSPACE.ORG
This might be of interest to non-qmail users too...
----- Forwarded message from Markus Stumpf <maex-qmail@Space.Net> -----
Date: Fri, 5 Mar 1999 06:54:55 +0100
From: Markus Stumpf <maex-qmail@Space.Net>
To: qmail@list.cr.yp.to
Subject: new "attack" scheme
While this is slightly offtopic I think it's important (and evil) enough
to post it to this list.
There is an "address collector" program that works with a dictionary
of username appends the domain and uses RCPT TO to collect what it
thinks are valid email addresses.
From the nature of the program and the design of qmail this may cause
a lot of harm and problems, as - for every scanned domain - it will
IMHO consider every name in its dictionary to be a valid address if
hitting a qmail server.
For now I have blocked
@savings.com
@whynot.com
but with the described new version (see URL below) this surely will not be
sufficient and I currently don't see any way to get around the problem
(at least with a vanilla qmail installation; maybe Sam's UCE patch could
help).
For more detailed information please have a look at
http://www.l8r.com/nwa/nwa1.htm
\Maex
--
SpaceNet GmbH | http://www.Space.Net/ | In a world without
Research & Development | mailto:maex-sig@Space.Net | walls and fences,
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | who needs
D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?
----- End forwarded message -----
Greetz, Peter.
--
.| Peter van Dijk | <mo|VERWEG> stoned worden of coden
.| peter@attic.vuurwerk.nl | <mo|VERWEG> dat is de levensvraag
| <mo|VERWEG> coden of stoned worden
| <mo|VERWEG> stonend worden En coden
| <mo|VERWEG> hmm
| <mo|VERWEG> dan maar stoned worden en slashdot lezen:)
