On Wed, Mar 10, 1999 at 12:59:21AM -0700, Brad (Senior Systems Administrator -
Americanisp, LLC.) wrote:
> only problem with that is:
> the software that they are talking about sends just one RCPT
> TO request per stream. it opens up another connection to
> brute force the possibility of existing addresses. (From
> what I understand of all this)...
No it doesn't (at least as I read the description on the web page)
See
http://www.l8r.com/nwa/nwa1.htm
> All that needs to be done
> to avoid this is to create a patch which has a variable or
> something that can be set to threshold "denies" of invalid
> requests. maybe even puts them in /etc/tcp.smtp 'addy':DENY
> or something ;) heh
If it would behave "single streamed", your solution wouldn't work either,
as for an unpatched qmail-smtpd there isn't such a thing as "invalid
requests" if testing a dictionary with syntactically correct RCPT TO
lines against it.
If you patch qmail-smtpd to keep (centralized) track on incoming connections
per time period and lock out those which are over some threshold this
will probably work as long as you are not a bigger site with many users
subscribed to a mailing list that is distributed via qmail.
In the latter case you'll probably notice a similar behaviour.
\Maex
--
SpaceNet GmbH | http://www.Space.Net/ | In a world without
Research & Development | mailto:[EMAIL PROTECTED] | walls and fences,
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | who needs
D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?