Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SMTP server account probing

From: kwoody () citytel net (Keith Woodworth)
Date: Tue, 9 Mar 1999 15:08:39 -0800

On Tue, 9 Mar 1999, John E. Martin wrote:


In this attack, an SMTP server is probed for common names, presumably
so that spam can the be targeted at them. The attacking machine
connects and issues hundreds of RCPT TO: commands, searching a long
list of common user names (e.g. susan) for ones that don't cause
errors. It then compiles a list of target addresses to spam.


This is a good reason for sendmail users to add the following to their .cf
files:


O PrivacyOptions=goaway


This will prevent VRFY and EXPN commands from functioning at all and
releasing correct addresses.


The goaway option will also, if I'm not mistaken, also screwup anyone who
does ETRN to collect mail. Fetchmail is one program that uses ETRN I
believe.

Keith
Previous By Date Next
Previous By Thread Next

Current thread: