Re: Discovering users by RCPT TO

[Chris Buechler <cbuechler () gmail com>]

On Thu, 13 Jan 2005 14:04:57 +0200, Kiril Todorov
<voland () shadowblade net> wrote:
<snip>
> > rcpt to: asdfasdf@domain
> > 550 5.1.1 asdfasdf@domain... User unknown
> > rcpt to: bin@domain
> > 250 2.1.5 bin@domain... Recipient ok
> > rcpt to: nobody@domain
> > 250 2.1.5 nobody@domain... Recipient ok
> > rcpt to: oper@domain
> > 550 5.1.1 oper@domain... User unknown
> > rcpt to: root@domain
> > 250 2.1.5 root@domain... Recipient ok
> >
> > Is this ok or is it information disclousure? Is there any way to fix it?
> > It is Sendmail...
>
> That's a common practice.

Though not necessarily a good idea.  


> The main reason is the tons of windows zombie machines, used for
> spamming at random names @ domain name.
> All mails are send from fake addresses, so after 2-3 waves of such
> spamming the mail server's queue gets approximately 30-40K mails.
> The server is busy sending out bounces to nonexistant addresses.. well
> you get the picture.

Yes, it solves that problem, but also allows spammers to brute force a
list of valid email addresses.  I've seen that attempted far more
times than I've seen machines hammered to death by spam bounces
filling the queue.

I'd recommend disabling it unless you get flooded by such spam
attacks.  I would probably consider it unnecessary information
disclosure, depending on the environment and reason (if any) for doing
it that way.

30-40K mails in the queue really shouldn't overwhelm your mail server,
though I don't use sendmail on any of mine.  I've seen 50K+ mails in
the queue on some of my Qmail and Postfix mail servers for the same or
similar reasons and they kept chugging along.  Not huge boxes either,
P3's with 512 MB - 1 GB RAM.  I guess if you're running a 486 mail
server with 16 MB RAM that might be a problem though.  :)

-Chris