>Are DNS MX records queryable?
Yes.
>Could I query one and get a list of valid email addresses on that server?
No. A DNS MX query will list the mailservers for a domain, not the users
on it.
>Is there a version that might be? A bug? An
>pre-patched version? A "as-installed" implementation that would have this as
>a possible result? Have you ever seen this work?
DNS will never, ever return an E-mail address (well, with one exception --
SOA record include a return address in a modified format). But they will
never return a list of users on your server. The only location where that
information is kept is the mailserver itself. There is not even an SMTP
command that will list the users on a mailserver (the VRFY command can be
used to verify a known address, and there is a command to show the users on
a mailing list, but nothing to return all valid accounts).
>No, I don't want to do it; I'm just trying to get to the bottom of
>something. (Really, I just wrote a book about security -- I'm a good guy --
>see sig.)
If someone got addresses from a mailserver of yours, and you check the log
files, you'll probably see that you were the victim of a dictionary attack
-- someone pretending to send mail to thousands and thousands of accounts
on your server, to see which ones are valid.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
