Hi John, > On Feb 27, 2018, at 3:25 PM, John Fawcett <j...@voipsupport.it> wrote: > I can't think of a compelling reason either to enable VRFY or to disable > it. Disabling it stops people abusing it, but then they can just use > RCPT TO to get the same information in most cases. I disabled it since I > can't see any use for it. > > John
That is a valid point - I believe the VRFY RFC observed the same thing: that RCPT TO can be used in a similar fashion. Performing an EHLO to both Gmail and Hotmail/Outlook shows that they both disable it, which I would expect, but do they implement a policy of a certain number of invalid RCPT TO cause the connection to terminate ? I know there is a setting for the number of “junk commands” received in Postfix, but that is different. Is there a method via main.cf for restricting RCPT TO abuse ? Thanks, - J
