North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: incorrect spam setups cause spool messes on forwarders

  • From: Richard Cox
  • Date: Tue Dec 02 09:59:36 2003

On Tue, 02 Dec 2003 14:37 UTC Suresh Ramasubramanian
<[email protected]> wrote:

| Nobody except spammers / dictionary attackers seem to VRFY these days
| for this sort of stuff.  In fact grepping your logs for VRFY is often
| a reliable sign of a dictionary attack on your machines.

VRFY is an (unavoidable) part of the checking routine built into the
popular "Sam Spade for Windows" client, for manual verification of any
suspect addresses found to have sent suspicious mail.  So just looking
for VRFY can give you some, er, false positives there ;-)

and, as has been said, most sites don't allow it for obvious reasons.
What is perhaps surprising, is the number of sites that disallow VRFY
but leave EXPN fully operational ...

| Thank God for small mercies, I guess.

Implementing DELAY_CHECKS (which is normal anyway these days) will of
course make a complete mockery of the process Verizon have implemented.

Richard Cox