Date: Fri, 13 Aug 1999 09:57:03 -0600 From: Brett Glass <brett@lariat.org> To: Ollivier Robert <roberto@keltia.freenix.fr>, security@freebsd.org Subject: Re: Another SMTP name-guessing attack Message-ID: <4.2.0.58.19990813091645.048468a0@localhost> In-Reply-To: <19990813143148.A73411@keltia.freenix.fr> References: <4.2.0.58.19990812185216.043c1160@localhost> <4.2.0.58.19990812185216.043c1160@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:31 PM 8/13/99 +0200, Ollivier Robert wrote: >According to Brett Glass: > > Aug 11 211612 myhost sendmail[5126] VAA05126 lost input channel from ip176.albuquerque3.nm.pub-ip.psi.net [38.29.68.176] > >Why do you allow dialups POPs to directly connect to your mail server ? Use >the DUL system and be happy (and put others manually into your access file). We do use the RBL. But as far as I can tell, the DUL system doesn't reject the mail until after the whole message is sent; it doesn't stop Sendmail from listening to the dial-in node beforehand. So, I am not sure that it would defeat this attack. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990813091645.048468a0>