Date: Fri, 13 Aug 1999 19:11:48 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: security@freebsd.org Subject: Re: Another SMTP name-guessing attack Message-ID: <19990813191148.A78023@keltia.freenix.fr> In-Reply-To: <4.2.0.58.19990813091645.048468a0@localhost>; from Brett Glass on Fri, Aug 13, 1999 at 09:57:03AM -0600 References: <4.2.0.58.19990812185216.043c1160@localhost> <4.2.0.58.19990812185216.043c1160@localhost> <19990813143148.A73411@keltia.freenix.fr> <4.2.0.58.19990813091645.048468a0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Brett Glass: > We do use the RBL. But as far as I can tell, the DUL system doesn't reject > the mail until after the whole message is sent; it doesn't stop Sendmail from > listening to the dial-in node beforehand. So, I am not sure that it would > defeat this attack. Yes it does. This is the same as RBL except only dialup pool addresses are kept into it. They'll be rejected at connect time if you use sendmail. Postfix would delay the reject up to RCPT TO: time because some broken clients don't expect the dialog to be cut at connect time and re-connect immediately. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #73: Sat Jul 31 15:36:05 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990813191148.A78023>