[exim-dev] [Bug 2188] Moving recipient check last to mitigat…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: admin
Date:  
À: exim-dev
Sujet: [exim-dev] [Bug 2188] Moving recipient check last to mitigate brute-force address scan
https://bugs.exim.org/show_bug.cgi?id=2188

--- Comment #2 from Omega Software <development@???> ---
(In reply to Jeremy Harris from comment #1)
> They detected a valid recipient by spotting an SPF check being done?
>
> Otherwise I'm not understanding. You show four rejections, no acceptances.


Yes. They tried hundreds of addresses. When they get "Unroutable address" it
means the address doesn't exist. When they get failure from another check (in
this case SPF, but in the sample config it would be DNSBL) it means the address
is valid.

If recipient verification were performed last, this kind of scan wouldn't be
possible unless they succeed at passing the other checks, which is kind of hard
for them as precisely the goal of those checks is to detect them.

--
You are receiving this mail because:
You are on the CC list for the bug.