[EXIM] address collector info posted to bugtraq

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MPeter Gervai at ->
Delete this message
Reply to this message
Author: Tabor J. Wells
Date:  
To: exim-users
Subject: [EXIM] address collector info posted to bugtraq
This came through on bugtraq recently. For anyone using virtual domains with
a default alias (like me) this could be especially problematic.

Ick. Any thoughts on preventing this in any way other than blocking IPs? I'm
sure they'll move around.

Tabor
Shore.Net

----- Forwarded message from Peter van Dijk <peter@???> ----- 

Mail-Followup-To: Netspace Bugtraq <BUGTRAQ@???>
Date:    Fri, 5 Mar 1999 08:02:49 +0100
Reply-To: Peter van Dijk <peter@???>
From:    Peter van Dijk <peter@???>
Subject:      [maex-qmail@???: new "attack" scheme]
To:    BUGTRAQ@???


This might be of interest to non-qmail users too...

----- Forwarded message from Markus Stumpf <maex-qmail@???> -----

Date: Fri, 5 Mar 1999 06:54:55 +0100
From: Markus Stumpf <maex-qmail@???>
To: qmail@???
Subject: new "attack" scheme

While this is slightly offtopic I think it's important (and evil) enough
to post it to this list.

There is an "address collector" program that works with a dictionary
of username appends the domain and uses RCPT TO to collect what it
thinks are valid email addresses.

>From the nature of the program and the design of qmail this may cause
a lot of harm and problems, as - for every scanned domain - it will
IMHO consider every name in its dictionary to be a valid address if
hitting a qmail server. 

For now I have blocked
    @savings.com
    @whynot.com
but with the described new version (see URL below) this surely will not be
sufficient and I currently don't see any way to get around the problem
(at least with a vanilla qmail installation; maybe Sam's UCE patch could
help).


For more detailed information please have a look at
    http://www.l8r.com/nwa/nwa1.htm


    \Maex


--
SpaceNet GmbH             |   http://www.Space.Net/   | In a world without
Research & Development    | mailto:maex-sig@Space.Net |   walls and fences,
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | who needs
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  |   Windows and Gates?


----- End forwarded message ----- 


Greetz, Peter.
--
.| Peter van Dijk           | <mo|VERWEG> stoned worden of coden
.| peter@???  | <mo|VERWEG> dat is de levensvraag
                            | <mo|VERWEG> coden of stoned worden
                            | <mo|VERWEG> stonend worden En coden
                            | <mo|VERWEG> hmm
                            | <mo|VERWEG> dan maar stoned worden en slashdot lezen:)


----- End forwarded message ----- 

-- 
___________________________________________________________________________
Tabor J. Wells                                             twells@???
Systems Administration Manager  Just another victim of the ambient morality
Shore.Net  --  High quality Internet access and hosting services since 1993


--
*** Exim information can be found at http://www.exim.org/ ***


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[EXIM] procmail transport & >From lines![EXIM] Maybe FAQ... what is the opposite of exim -bpa->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)