Bugtraq: Re: sendmail 8.9.3 patches to curb RCPT harvesters

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: sendmail 8.9.3 patches to curb RCPT harvesters

From: achurch () DRAGONFIRE NET (Andy Church)
Date: Sat, 13 Mar 1999 11:36:32 EST

Per Joseph's suggestion. Use these patches against sendmail 8.9.3 and add

O RCPTFailDelay=30

to sendmail.cf to make sendmail sleep() for 30 seconds before reporting any
"550" errors. Set the value to 0 for "normal"  behavior.


According to the reports I'm seeing, GeoList Pro does not wait for a
response from the server -- instead, it streams the RCPT TO commands
continuously and then reads the results at the end of transmission.
If that is the case, it doesn't sound like this patch will have any
effect.


     It should work fine, because (1) sendmail won't process anything while
it's sleep()ing, and (2) GeoList will stop sending data when the socket
buffer fills up (because sendmail isn't reading from it).

  --Andy Church
    achurch () dragonfire net
    http://achurch.dragonfire.net/

By Date By Thread

Current thread:

sendmail 8.9.3 patches to curb RCPT harvesters Peter W (Mar 11)
- Re: sendmail 8.9.3 patches to curb RCPT harvesters Tim Pierce (Mar 12)
- <Possible follow-ups>
- Re: sendmail 8.9.3 patches to curb RCPT harvesters Peter W (Mar 13)
- Re: sendmail 8.9.3 patches to curb RCPT harvesters Andy Church (Mar 13)
  - /usr/bin/doscmd on BSDI kasper (Mar 13)
    - Re: /usr/bin/doscmd on BSDI Warner Losh (Mar 17)
  - Re: sendmail 8.9.3 patches to curb RCPT harvesters Aggelos P. Varvitsiotis (Mar 15)
  - Lynx 2.8 overflow Mixter (Mar 15)
  - ISS Security Advisory: LDAP Buffer overflow against Microsoft X-Force (Mar 16)