North American Network Operators Group


Re: incorrect spam setups cause spool messes on forwarders

  • From: Suresh Ramasubramanian
  • Date: Tue Dec 02 09:41:08 2003

[email protected] writes on 12/2/2003 9:32 AM:
> On Tue, 02 Dec 2003 19:23:41 +0800, Suresh Ramasubramanian <[email protected]> said:
>
>> What they are trying to do is to connect back to email.com's MXs and ensure
>> that the user <[email protected]> who is trying to send them mail
>> really does exist, and is not just a figment of some spambot's imagination.
>
> And they tell that how, exactly, given that many sites do NOT allow VRFY or EXPN?

MAIL FROM: RCPT TO: QUIT: is precisely what they are doing.

Nobody except spammers / dictionary attackers seems to VRFY these days for this sort of stuff. In fact grepping your logs for VRFY is often a reliable sign of a dictionary attack on your machines.

> I suppose they could do a MAIL FROM/RCPT TO pair, look at the result, and
> QUIT instead of DATA.  Of course, that would be silly, because if it ever ran
> into another site that tried the same thing, that site would try to call back
> and do a MAIL FROM/RCPT TO...

MAIL FROM: <> typically, or from a sender that does not return callbacks to it ... so no danger of loops getting set up. Thank God for small mercies, I guess.

srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
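
The two patterns mentioned in this message (VRFY showing up in logs, and a callback that does MAIL FROM:<> / RCPT TO / QUIT without DATA) can be told apart from ordinary delivery by command sequence. The following is an added example, not part of the original post; the log layout, addresses and the `classify_sessions` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; the "<session> <client-ip> <command>" layout is an
# assumption for this example, not the log format of any particular MTA.
SAMPLE_LOG = """\
s1 192.0.2.10 MAIL FROM:<>
s1 192.0.2.10 RCPT TO:<alice@example.com>
s1 192.0.2.10 QUIT
s2 198.51.100.7 VRFY admin
s2 198.51.100.7 VRFY info
s2 198.51.100.7 VRFY sales
s2 198.51.100.7 QUIT
s3 203.0.113.5 MAIL FROM:<bob@example.org>
s3 203.0.113.5 RCPT TO:<alice@example.com>
s3 203.0.113.5 DATA
s3 203.0.113.5 QUIT
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z]+)\b\s*(.*)$")

def classify_sessions(log_text, vrfy_threshold=3):
    """Label each SMTP session by the command pattern it shows."""
    sessions = defaultdict(lambda: {"ip": None, "cmds": [], "null_sender": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the assumed layout
        sid, ip, verb, arg = m.groups()
        s = sessions[sid]
        s["ip"] = ip
        s["cmds"].append(verb.upper())
        if verb.upper() == "MAIL" and re.match(r"FROM:\s*<>", arg, re.I):
            s["null_sender"] = True
    labels = {}
    for sid, s in sessions.items():
        cmds = s["cmds"]
        if cmds.count("VRFY") + cmds.count("EXPN") >= vrfy_threshold:
            label = "vrfy-probe"  # repeated address probing via VRFY/EXPN
        elif "RCPT" in cmds and "DATA" not in cmds:
            # Envelope was tested but no message body was ever sent.
            label = "callout-null-sender" if s["null_sender"] else "rcpt-no-data"
        elif "DATA" in cmds:
            label = "delivery"
        else:
            label = "other"
        labels[sid] = (s["ip"], label)
    return labels

if __name__ == "__main__":
    print(classify_sessions(SAMPLE_LOG))
```

A session with RCPT but no DATA and a non-null sender is labelled separately because the command sequence alone cannot distinguish a callback from address probing.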