Bugtraq: Re: SMTP server account probing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SMTP server account probing

From: brett () LARIAT ORG (Brett Glass)
Date: Tue, 9 Mar 1999 13:51:28 -0700


At 09:36 AM 3/9/99 -0800, John E. Martin wrote:

While the 'goaway' option may not prevent the program from continuing to
verify addresses, it will keep your users address from being picked up by
the program.

Perhaps someone with better sendmail experience could come up with an idea
to automatically disconnect connections that are issuing more than 25 VRFY
statements at a time?


Unfortunately, the program was designed to defeat the "goaway" option by
using RCPT TO: commands instead of VRFY commands. What's needed is
the ability to kill the connection after more than two or three recipient
names have generated errors.

--Brett

By Date By Thread

Current thread:

SMTP server account probing Brett Glass (Mar 08)
- Re: SMTP server account probing Frank Miller (Mar 09)
- Re: SMTP server account probing John E. Martin (Mar 09)
  - Re: SMTP server account probing Brett Glass (Mar 09)
    - Re: SMTP server account probing Nick Andrew (Mar 09)
    - Re: SMTP server account probing Brian Behlendorf (Mar 09)
  - Re: SMTP server account probing Valdis.Kletnieks () VT EDU (Mar 09)
    - Re: SMTP server account probing Scott Fendley (Mar 09)
    - Re: SMTP server account probing Alexander Bochmann (Mar 10)