[9872] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (Keith Woodworth)
Wed Mar 10 12:46:10 1999
Date: Tue, 9 Mar 1999 15:08:39 -0800
Reply-To: kwoody@citytel.net
From: Keith Woodworth <kwoody@CITYTEL.NET>
X-To: "John E. Martin" <jem@LAINET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199903091732.JAA15133@mailhost.lainet.com>
On Tue, 9 Mar 1999, John E. Martin wrote:
>>>In this attack, an SMTP server is probed for common names, presumably
>>>so that spam can the be targeted at them. The attacking machine
>>>connects and issues hundreds of RCPT TO: commands, searching a long
>>>list of common user names (e.g. susan) for ones that don't cause
>>>errors. It then compiles a list of target addresses to spam.
>>
>>This is a good reason for sendmail users to add the following to their .cf
>>files:
>>
>>
>>O PrivacyOptions=goaway
>>
>>
>>This will prevent VRFY and EXPN commands from functioning at all and
>>releasing correct addresses.
>>
The goaway option will also, if I'm not mistaken, also screwup anyone who
does ETRN to collect mail. Fetchmail is one program that uses ETRN I
believe.
Keith
