[9862] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (Brett Glass)
Tue Mar 9 17:47:51 1999
Date: Tue, 9 Mar 1999 13:51:28 -0700
Reply-To: Brett Glass <brett@LARIAT.ORG>
From: Brett Glass <brett@LARIAT.ORG>
X-To: "John E. Martin" <jem@LAINET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199903091732.JAA15133@mailhost.lainet.com>
At 09:36 AM 3/9/99 -0800, John E. Martin wrote:
>While the 'goaway' option may not prevent the program from continuing to
>verify addresses, it will keep your users address from being picked up by
>the program.
>
>Perhaps someone with better sendmail experience could come up with an idea
>to automatically disconnect connections that are issuing more than 25 VRFY
>statements at a time?
Unfortunately, the program was designed to defeat the "goaway" option by
using RCPT TO: commands instead of VRFY commands. What's needed is
the ability to kill the connection after more than two or three recipient
names have generated errors.
--Brett
