Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Discovering users by RCPT TO
From: Vince Hoang (vincelitrium.com)
Date: Thu Jan 13 2005 - 17:20:15 CST
On Thu, Jan 13, 2005 at 02:20:12PM -0500, Chris Buechler wrote:
> I'd recommend disabling it unless you get flooded by such spam
> attacks. I would probably consider it unnecessary information
> disclosure, depending on the environment and reason (if any)
> for doing it that way.
Some MTAs allow permit you to drop the session after a certain
number of failures, but that only slows down the dictionary
You cannot disable RCPT TO because that is how the SMTP protocol
designates the recipients.