From: ^Herman^ (hermanofzo.nl)
Date: Wed Nov 23 2005 - 18:09:27 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks for your answer; I just thought it was “ugly” to send network
info out to anybody who tries to mail an unknown user.Maybe it would
make debugging to hard. And the abuse of such information may be small.

mouss wrote:

> ^Herman^ a écrit :
>
>> Im realy sorry i thought i was clear. This is a message sombody gets if
>> he tries to deliver mail to a non existent user.
>>
>> example:
>> telnet myhostname.nl 25
>> Escape character is '^]'.
>> 220 got pr0n?
>> helo xs1.xs4all.nl
>> 250 myhostname.nl
>> mail from:hermanofzo.nl
>> 250 Ok
>> rcpt to:unknownalain-net.net
>> 550 <unknownalain-net.net>: Recipient address rejected: undeliverable
>> address: host 84.107.148.123[84.107.148.123] said: 550 5.1.1 User
>> unknown (in reply to RCPT TO command)
>
>
> so you're using reject_unverified_mumble? in this case, the "next" mta
> error is used. hard to see how this would be configurable. if 84.* is
> an internal host, you may consider having the list of users locally.
>
> Anyway, you should really not get concerned. most spammers don't wait
> for a response, so your error will probably go to a victim (and most
> won't even understand that).
>
>
> to avoid having to care for internal info leakage, I like to publish
> it. This avoids having people ask how to avoid its leakage (via mta,
> via browser, via ftp clients, .... That's just too much). after all,
> these are just numbers.
>
>>
>> Now thats to mutch information to the "sender"
>>
>
> so what? if the security of a system relies on the secrecy of some
> information that may be obtained somehow, then the system is not
> secure. Give'em your name, give'em your address, and use your
> resources to keep'em out. In any case, they'll get your name and
> they'll get your address.
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]