[9871] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (Jose C. Oon)
Wed Mar 10 12:46:08 1999
Date: Wed, 10 Mar 1999 09:18:25 +0800
Reply-To: korn@SINARAN.CSD.CSAM.COM.MY
From: "Jose C. Oon" <korn@SINARAN.CSD.CSAM.COM.MY>
To: BUGTRAQ@NETSPACE.ORG
.....snip.....
> Unfortunately, the program was designed to defeat the "goaway" option by
> using RCPT TO: commands instead of VRFY commands. What's needed is
> the ability to kill the connection after more than two or three recipient
> names have generated errors.
This is a good idea where a predetermined number of errors in RCPT
should warrant the sendmail process to abort and terminate. But on
the other side, it'll interrupt normal mail messages delivery, hence,
causing lots of retries. Default of 3-5 days.
I'd suggest to add some intended delays, for instance:
when there's a RCPT error, the attacked sendmail daemon will
delay say 30 seconds, before it accepts another RCPT TO or other command.
Of course eventually the sendmail will time out and drop the
connections when necessary.
--Joseph
