[9878] in bugtraq


Re: SMTP server account probing

daemon@ATHENA.MIT.EDU (Brian Behlendorf)
Wed Mar 10 16:04:33 1999

Date: Tue, 9 Mar 1999 17:04:30 -0800
Reply-To: Brian Behlendorf <brian@HYPERREAL.ORG>
From: Brian Behlendorf <brian@HYPERREAL.ORG>
X-To: Brett Glass <brett@LARIAT.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <4.1.19990309134938.0404a210@localhost>

On Tue, 9 Mar 1999, Brett Glass wrote:
> At 09:36 AM 3/9/99 -0800, John E. Martin wrote:
>
> >While the 'goaway' option may not prevent the program from continuing to
> >verify addresses, it will keep your users' addresses from being picked up by
> >the program.
> >
> >Perhaps someone with better sendmail experience could come up with an idea
> >to automatically disconnect connections that are issuing more than 25 VRFY
> >statements at a time?
>
> Unfortunately, the program was designed to defeat the "goaway" option by
> using RCPT TO: commands instead of VRFY commands. What's needed is
> the ability to kill the connection after more than two or three recipient
> names have generated errors.

I would recommend against doing this.  There are many legitimate large
mailing lists out there that are very likely to use multiple RCPT headers
in a single transaction to save bandwidth, and the odds of getting more
than two or three bounces from closed accounts are fairly good, so this
would break valid SMTP conversations.  Besides, the address harvesters
will simply reopen a second connection.

	Brian
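
Added example, not part of the original post: a comparison of the per-connection cutoff proposed in the quoted text with a per-source rejection ratio counted across connections, run over constructed RCPT events. The event tuples, addresses, function names and thresholds are all assumptions chosen for illustration, not output or settings of any real MTA.

```python
from collections import defaultdict

def build_sample():
    """Constructed events: (source_ip, connection_id, rcpt_accepted)."""
    events = []
    # Mailing-list host: one connection, 200 recipients, 4 closed accounts.
    for i in range(200):
        events.append(("192.0.2.10", "c1", i % 50 != 0))
    # Address prober: 30 short connections, 2 guesses each, 1 hit overall.
    for c in range(30):
        for g in range(2):
            events.append(("198.51.100.7", f"p{c}", c == 0 and g == 0))
    return events

def per_connection_kills(events, limit=3):
    """Sources disconnected by 'drop after more than `limit` bad RCPTs'."""
    fails = defaultdict(int)
    killed = set()
    for src, conn, ok in events:
        if not ok:
            fails[(src, conn)] += 1
            if fails[(src, conn)] > limit:
                killed.add(src)
    return killed

def per_source_flags(events, min_rcpt=20, max_fail_ratio=0.5):
    """Sources whose rejected share of RCPTs, summed over every
    connection they opened, exceeds max_fail_ratio (assumed threshold)."""
    total = defaultdict(int)
    failed = defaultdict(int)
    for src, _conn, ok in events:
        total[src] += 1
        if not ok:
            failed[src] += 1
    return {s for s in total
            if total[s] >= min_rcpt and failed[s] / total[s] > max_fail_ratio}

if __name__ == "__main__":
    ev = build_sample()
    print("per-connection rule drops:", sorted(per_connection_kills(ev)))
    print("per-source ratio flags:   ", sorted(per_source_flags(ev)))
```

On this sample the per-connection rule cuts off only the mailing-list host, while the prober stays under the limit by reconnecting; the per-source ratio flags only the prober.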
