Speaking of which, is there a how-to somewhere that instructs one how to
harden sendmail by disabling VRFY and EXPN ?
J.
On Thu, 14 Feb 2002, Peter
Beardsley wrote:
> At 09:50 PM 2/13/2002 -0500, you wrote:
>
> >I see it all the time. Usernames are usually fairly easy to guess
> >especially on a mailserver if it's sendmail and VRFY and EXPN are
> >enabled. Check your mail logs for a lot of 550's, then check the IP
> >address against recent spam. Anything that wasn't rejected and
> >returned to the sender is a potential username on a box running SSH
> >*and* a mail server. Also, if you own the domain name of the box, a
> >simple whois will turn up several potential usernames. There are
> >litterally hundreds of ways to get usernames. In theory. So I've heard
> >;-)
>
> Yeah, I just saw that this user had been logged in several times that day
> leading up to the attempt and got paranoid, thinking it was more than a
> coincidence. Later I found out that mail had been sent out under this
> username, which is probably how they got it. Thanks.
>
>
> Peter Beardsley
> Appropriate Solutions, Inc.
> [EMAIL PROTECTED]
>
>
> *****************************************************************
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *****************************************************************
>
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Joshua S. Freeman | preferred email: [EMAIL PROTECTED]
pgp public key: finger [EMAIL PROTECTED]
http://www.threeofus.com
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
*****************************************************************
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*****************************************************************
