On Wed, 15 Apr 1998, Tony Earnshaw wrote:
> Paul Mansfield wrote:
> > On Wed, 15 Apr 1998, Tony Earnshaw wrote:
> > > generally always exists (hostmaster or postmaster or someone I know),
> > I'm with Philip, testing with verify would
> > - slow mail down A LOT
> Certainly a valid reason ...
... I would also like to add though that it would be NICE if everyone could
be open and helpful and allow verify to work, like identd for example. But,
just as an open mail relay will allow spammers to exploit it, verify can be
exploited too.
> > - only have valid results in 20% of cases
> As I said, my experience doesn't conform to that percentage;
hmmm, if I encounter someone who allows verify, I suggest they turn it off!
> > (it's considered very bad practice to
> > allow verify to work as it poses a security risk
> I see that Philip's site practises what it preaches. Tell us a little
> about the security risks, please?
well, it means someone can expand mail addresses, and fundamentally get
information about real users... like finger. they can then try and crack
logins.
See the "Cheswick and Bellovin" book on security...
Paul
--
*** Exim information can be found at
http://www.exim.org/ ***
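
An added illustration, not part of the original message and not Exim code: since the risk raised above is that verify lets a remote client confirm real user names, a mail administrator can watch for clients that probe many distinct names with VRFY or EXPN. The log format, the sample lines, and the `find_enumeration` name are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample log, one SMTP command per line:
#   "<timestamp> <client-ip> <command line>"
# This layout is an assumption for the example, not Exim's log format.
SAMPLE_LOG = """\
1998-04-15T10:00:01 192.0.2.10 HELO probe.example
1998-04-15T10:00:02 192.0.2.10 VRFY root
1998-04-15T10:00:02 192.0.2.10 vrfy admin
1998-04-15T10:00:03 192.0.2.10 EXPN guest
1998-04-15T10:00:03 192.0.2.10 VRFY test
1998-04-15T10:00:04 192.0.2.10 VRFY root
1998-04-15T10:05:00 198.51.100.7 HELO mail.example
1998-04-15T10:05:01 198.51.100.7 VRFY postmaster
1998-04-15T10:05:02 198.51.100.7 MAIL FROM:<a@mail.example>
malformed line
"""

# VRFY and EXPN are the two SMTP commands that expand or confirm addresses.
PROBE = re.compile(r"^(VRFY|EXPN)\s+(\S+)", re.IGNORECASE)


def find_enumeration(log_text, threshold=3):
    """Return {client_ip: sorted distinct names probed} for every client
    that used VRFY/EXPN on at least `threshold` distinct names."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip lines that do not match the assumed layout
        _, client, command = parts
        match = PROBE.match(command)
        if match:
            # Count distinct names, so a repeated probe is not double counted.
            probed[client].add(match.group(2).lower())
    return {
        ip: sorted(names)
        for ip, names in probed.items()
        if len(names) >= threshold
    }


if __name__ == "__main__":
    for ip, names in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip} probed {len(names)} names: {', '.join(names)}")
```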