[9923] in bugtraq
Re: sendmail 8.9.3 patches to curb RCPT harvesters
daemon@ATHENA.MIT.EDU (Andy Church)
Sat Mar 13 13:53:36 1999
Date: Sat, 13 Mar 1999 11:36:32 EST
Reply-To: Andy Church <achurch@DRAGONFIRE.NET>
From: Andy Church <achurch@DRAGONFIRE.NET>
X-To: twp@ROOTSWEB.COM
To: BUGTRAQ@NETSPACE.ORG
>> Per Joseph's suggestion. Use these patches against sendmail 8.9.3 and add
>>
>> O RCPTFailDelay=30
>>
>> to sendmail.cf to make sendmail sleep() for 30 seconds before reporting any
>> "550" errors. Set the value to 0 for "normal" behavior.
>
>According to the reports I'm seeing, GeoList Pro does not wait for a
>response from the server -- instead, it streams the RCPT TO commands
>continuously and then reads the results at the end of transmission.
>If that is the case, it doesn't sound like this patch will have any
>effect.
It should work fine, because (1) sendmail won't process anything while
it's sleep()ing, and (2) GeoList will stop sending data when the socket
buffer fills up (because sendmail isn't reading from it).
--Andy Church
achurch@dragonfire.net
http://achurch.dragonfire.net/
