As an administrator of a mail server, VRFY and EXPN is the first thing that I shutdown. I love the syntax in the sendmail.cf config file:
O PrivacyOptions=goaway In sendmail you could use the milter api and brew your own solution, but I don't see it being of much use in this case. I would rather see a way of verifying that the From: address is being relayed by a host that is truly responsible for relaying for that particular address. Ed On Wednesday 13 March 2002 11:26, John Abreau wrote: > Mark Komarinski <[EMAIL PROTECTED]> writes: > > a sending account before allowing the communication to continue? I > > know a lot of mail systems disable VRFY, since it allows a spammer > > to find out who is there, but that's pretty much dead anyway since a > > VRFY can be abused for more than just spam. For instance, it can provide > hints as to what login names exist, to facilitate break-ins. > > >> deliver something to me, why can't the MTA hit the MX for mail.com > > > > and VRFY that the account is valid? If it's valid, it comes > > The effect of this would be to deny mail from any system that tries > to be secure from break-ins. It's almost like telling your family and > friends that you refuse to ring their doorbells unless they post a > sign on it that says something like "The key is under the doormat". > > "After all, a burglar could always pick the lock". ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
