North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: incorrect spam setups cause spool messes on forwarders

  • From: Suresh Ramasubramanian
  • Date: Tue Dec 02 09:41:08 2003

[email protected]  writes on 12/2/2003 9:32 AM:
On Tue, 02 Dec 2003 19:23:41 +0800, Suresh Ramasubramanian <[email protected]>  said:

What they are trying to do is to connect back to's MXs and ensure
that the user <[email protected]> who is trying to send them mail
really does exist, and is not just a figment of some spambot's imagination.
And they tell that how, exactly, given that many sites do NOT allow VRFY or EXPN?
MAIL FROM: RCPT TO: QUIT: is precisely what they are doing.

Nobody except spammers / dictionary attackers seem to VRFY these days for this sort of stuff. In fact grepping your logs for VRFY is often a reliable sign of a dictionary attack on your machines.

I suppose they could do a MAIL FROM/RCPT TO pair, look at the result, and
QUIT instead of DATA.  Of course, that would be silly, because if it ever ran
into another site that tried the same thing, that site would try to call back
and do a MAIL FROM/RCPT TO...
MAIL FROM: <> typically, or from a sender that does not return callbacks to it ... so no danger of loops getting set up. Thank God for small mercies, I guess.


srs (postmaster|suresh) // gpg : EDEDEFB9
manager, security and antispam operations