Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Matt Hayes (postfixslackadelic.com)
Date: Tue Jan 15 2008 - 09:38:10 CST
Alejandro Facultad wrote:
> Dear all, I have a Postfix mail server and when someone execute "telnet
> mail.company.com.ar 25", after that I use my testhotmail.com account
> to send a mesaage and test my server:
> mail from: testhotmail.com <mailto:testcybsec.com>
> 250 2.1.0 Ok
> rcpt to: invalid_usercompany.com.ar <mailto:aaxxx.gov.ar>
> 550 5.1.1 <invalid_usercompany.com.ar <mailto:aaxxx.gov.ar>>:
> Recipient address rejected: User
> unknown in virtual mailbox table
> rcpt to: valid_usercompany.com.ar <mailto:mailvalido2xxx.gov.ar>
> 250 2.1.5 Ok
> Here I can see a hacker can put mail users in "RCPT TO"and verify they
> exist. I don't want this because a hacker can make test several mail
> users and after that he makes a list with valid users and use this list
> for spam.
> How can I setup Postfix to respond always "Invalid user" inclusive the
> "rcpt to" mail user exist, if someone do a telnet like above ???
> Thanks a lot
You do realize said hacker would have to test millions of not hundreds
of millions of addresses before finding a "valid" email address?
More than likely that won't happen as its a waste of time.