Re: [EXIM] address collector info posted to bugtraq

Author: Peter Gervai
Date:  
To: Tabor J. Wells, exim-users
Subject: Re: [EXIM] address collector info posted to bugtraq
On Fri, Mar 05, 1999 at 03:08:02PM -0500, Tabor J. Wells wrote:

> This came through on bugtraq recently. For anyone using virtual domains with
> a default alias (like me) this could be especially problematic.
>
> Ick. Any thoughts on preventing this in any way other than blocking IPs? I'm
> sure they'll move around.

[...]

> There is an "address collector" program that works with a dictionary
> of usernames, appends the domain, and uses RCPT TO to collect what it
> thinks are valid email addresses.

[...]

A nice fella notified me that my domain is hardcoded in such a program,
and I checked that it really does that: tries loads of rcpt to:'s.

This made me ask whether there is a limit on the max number of RCPT TO:
in one session?

And anyway, could I put a trigger to block the address when someone
repeatedly tries to flood me with invalid rcpt to:'s? (vrfy and expn
are already deactivated.)

bye,
grin


--
*** Exim information can be found at http://www.exim.org/ ***
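
The kind of trigger asked about in the message above, sketched as an added example (not part of the original message, and not Exim configuration or Exim's own log format): it flags a client once it collects too many rejected RCPT TO replies inside a sliding time window. The event line layout, the `max_bad` threshold and the `window` length are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque

# Constructed events, one per RCPT TO (hypothetical layout, not a real MTA log):
#   <epoch-seconds> <client-ip> RCPT <address> <smtp-reply-code>
SAMPLE_LOG = """\
920664480 192.0.2.10 RCPT alice@example.org 250
920664481 198.51.100.7 RCPT aaron@example.org 550
920664482 198.51.100.7 RCPT abby@example.org 550
920664483 192.0.2.10 RCPT alcie@example.org 550
920664484 198.51.100.7 RCPT adam@example.org 550
920664485 198.51.100.7 RCPT alice@example.org 250
920664490 203.0.113.5 RCPT bob@example.org 550
920664590 203.0.113.5 RCPT bobb@example.org 550
920664690 203.0.113.5 RCPT rob@example.org 550
"""

def parse_line(line):
    """Return (timestamp, ip, address, code), or None for a line that does not match."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "RCPT":
        return None
    try:
        return int(parts[0]), parts[1], parts[3], int(parts[4])
    except ValueError:
        return None

def find_harvesters(lines, max_bad=3, window=60):
    """Map client IP -> time it reached max_bad rejected RCPTs within window seconds."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 5xx RCPT replies
    flagged = {}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, ip, _address, code = event
        # Accepted recipients never count; a single typo stays below the threshold.
        if ip in flagged or not 500 <= code <= 599:
            continue
        failures = recent[ip]
        failures.append(ts)
        while ts - failures[0] > window:  # drop rejections older than the window
            failures.popleft()
        if len(failures) >= max_bad:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG.splitlines()).items():
        print(f"block {ip}: rejected-RCPT threshold reached at {when}")
```

A short window only catches fast dictionary runs; the third client in the sample spaces its guesses 100 seconds apart and is caught only when `window` is widened.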