|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alejandro Facultad (alejandro_facultad
yahoo.com.ar)
Date: Tue Jan 15 2008 - 09:35:43 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear all, I have a Postfix mail server and when someone execute "telnet
mail.company.com.ar 25", after that I use my testhotmail.com account
to send a mesaage and test my server:
mail from: testhotmail.com <mailto:testcybsec.com>
250 2.1.0 Ok
rcpt to: invalid_usercompany.com.ar <mailto:aaxxx.gov.ar>
550 5.1.1 <invalid_usercompany.com.ar <mailto:aaxxx.gov.ar>>:
Recipient address rejected: User
unknown in virtual mailbox table
rcpt to: valid_usercompany.com.ar <mailto:mailvalido2xxx.gov.ar>
250 2.1.5 Ok
Here I can see a hacker can put mail users in "RCPT TO"and verify they
exist. I don't want this because a hacker can make test several mail
users and after that he makes a list with valid users and use this list
for spam.
How can I setup Postfix to respond always "Invalid user" inclusive the
"rcpt to" mail user exist, if someone do a telnet like above ???
Thanks a lot
Alejandro
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]