Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: SMTP server account probing

Re: SMTP server account probing

Keith Woodworth (kwoodycitytel.net)
Tue, 9 Mar 1999 15:08:39 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ryan Permeh: "Re: SMTP server account probing"
Previous message: Brian Behlendorf: "Re: SMTP server account probing"
In reply to: John E. Martin: "Re: SMTP server account probing"
Next in thread: Ryan Permeh: "Re: SMTP server account probing"

On Tue, 9 Mar 1999, John E. Martin wrote:

>>>In this attack, an SMTP server is probed for common names, presumably
>>>so that spam can the be targeted at them. The attacking machine
>>>connects and issues hundreds of RCPT TO: commands, searching a long
>>>list of common user names (e.g. susan) for ones that don't cause
>>>errors. It then compiles a list of target addresses to spam.
>>
>>This is a good reason for sendmail users to add the following to their .cf
>>files:
>>
>>
>>O PrivacyOptions=goaway
>>
>>
>>This will prevent VRFY and EXPN commands from functioning at all and
>>releasing correct addresses.
>>
The goaway option will also, if I'm not mistaken, also screwup anyone who
does ETRN to collect mail. Fetchmail is one program that uses ETRN I
believe.

Keith

Next message: Ryan Permeh: "Re: SMTP server account probing"
Previous message: Brian Behlendorf: "Re: SMTP server account probing"
In reply to: John E. Martin: "Re: SMTP server account probing"
Next in thread: Ryan Permeh: "Re: SMTP server account probing"