Re: I don't want Postfix to confirm users via telnet

From: Alejandro Facultad (alejandro_facultadyahoo.com.ar)
Date: Tue Jan 15 2008 - 09:47:24 CST


Matt Hayes wrote:
> Alejandro Facultad wrote:
>> Dear all, I have a Postfix mail server and when someone executes
>> "telnet mail.company.com.ar 25", after that I use my
>> testhotmail.com account to send a message and test my server:
>>
>> mail from: testhotmail.com
>> 250 2.1.0 Ok
>> rcpt to: invalid_usercompany.com.ar
>> 550 5.1.1 <invalid_usercompany.com.ar>: Recipient address rejected: User unknown in virtual mailbox table
>> rcpt to: valid_usercompany.com.ar
>> 250 2.1.5 Ok
>>
>> Here I can see a hacker can put mail users in "RCPT TO" and verify
>> they exist. I don't want this because a hacker can test several
>> mail users and after that he makes a list of valid users and uses
>> this list for spam.
>>
>> How can I set up Postfix to always respond "Invalid user" even if
>> the "rcpt to" mail user exists, if someone does a telnet like above ???
>>
>> Thanks a lot
>>
>> Alejandro
>>
>
>
> You do realize said hacker would have to test millions if not hundreds
> of millions of addresses before finding a "valid" email address?
>
> More than likely that won't happen as it's a waste of time.
>
> -Matt
>
>
OK Matt, but is there a way to implement what I want ??? Or is it
impossible ???

Thanks again
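
The RCPT TO probing discussed in this thread leaves a trail of "User unknown in virtual mailbox table" rejections in the Postfix smtpd log. The following is an added example, not part of the original messages: it groups those rejections by client IP and reports clients that tried several distinct unknown recipients. The log lines, addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix smtpd log format; IPs and addresses are placeholders.
_REJ = ("Jan 15 09:4{n}:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
        "{host}[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
        "User unknown in virtual mailbox table; from=<test@example.org> "
        "to=<{rcpt}> proto=SMTP helo=<x>")
SAMPLE_LOG = "\n".join([
    "Jan 15 09:40:00 mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]",
    _REJ.format(n=0, host="unknown", ip="203.0.113.7", rcpt="alice@company.example"),
    _REJ.format(n=1, host="unknown", ip="203.0.113.7", rcpt="bob@company.example"),
    _REJ.format(n=2, host="unknown", ip="203.0.113.7", rcpt="BOB@company.example"),
    _REJ.format(n=3, host="unknown", ip="203.0.113.7", rcpt="carol@company.example"),
    # A single mistyped address from a legitimate sender should not be flagged.
    _REJ.format(n=4, host="mx.partner.example", ip="198.51.100.20",
                rcpt="jhon@company.example"),
])

# Matches only unknown-recipient rejections and captures client IP and recipient.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: User unknown"
)

def find_probers(log_text, threshold=3):
    """Return {client_ip: sorted distinct unknown recipients} for clients
    with at least `threshold` distinct unknown recipients (assumed cutoff)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            # Case-fold so repeated tries of one address count once.
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: sorted(r) for ip, r in seen.items() if len(r) >= threshold}

if __name__ == "__main__":
    for ip, rcpts in find_probers(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} distinct unknown recipients: {', '.join(rcpts)}")
```

Postfix's own smtpd_soft_error_limit and smtpd_hard_error_limit settings delay and then disconnect a client that accumulates errors within one session; a log view like this covers probing spread across many sessions.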