>I downloaded the product and gave it a try. It works ... sort of.  Here's
>the first log entry, that verified the existence of a mail address:
>
>09:18 20:20 SMTPD(03D40078) [216.198.221.162] connect 64.xxx.xx.75 port 1977
>09:18 20:20 SMTPD(03D40078) [64.xxx.xx.75] HELO aol.com
>09:18 20:20 SMTPD(03D40078) [64.xxx.xx.75] MAIL FROM:<[EMAIL PROTECTED]>
>09:18 20:20 SMTPD(03D40078) [64.xxx.xx.75] RCPT TO:<[EMAIL PROTECTED]>
>
>There's only one problem:  While the domain ''foohbar.com'' is a domain on
>my server with a virtual imail account.  There is no user named ''blah@''

hey, just when the story is getting interesting, you cut us off. What 
happened after rcpt to: ?

>You can probably see where this is going:  The ''nobody'' alias is sending
>the mail to wherever and the above doesn't get bounced.

ah, you've got nobody on.

>Here's what happens
>when I try the same test after deleting ''nobody'' from the alias list.
>
>09:18 20:22 SMTPD(03D70078) [216.198.221.162] connect 64.xxx.xx.75 port 1979
>09:18 20:22 SMTPD(03D70078) [64.xxx.xx.75] HELO aol.com
>09:18 20:22 SMTPD(03D70078) [64.xxx.xx.75] MAIL FROM:<[EMAIL PROTECTED]>
>09:18 20:22 SMTPD(03D70078) [64.xxx.xx.75] RCPT TO:<[EMAIL PROTECTED]>
>09:18 20:22 SMTPD(03D70078) [64.xxx.xx.75] ERR msb1.mysecretbase.net invalid
>user <[EMAIL PROTECTED]
>
>about what you'd expect.  So if they manage to try *every* possible
>character combination (or have a lot of monkeys banging away on keyboards)
>they can eventually find every account

this is just a dictionary attack.

>.  But if you have ''nobody'' set up
>they've got you every single time... which is a given when you do that sort
>of thing, right?

I think the nobody alias is Bad Thing.  It's only useful if you send it to 
NUL.  You think you're fooling the abuser that he's found a valid 
account?  I think this tricky-dicky "punishment" is totally useless.

And if you're some kind of bleeding heart admin who wants to use nobody 
alias to catch each mis-addressed mail to valid users, figure out who it 
was supposed to go to and send it, well, you're wasting your company's 
salary pawing through the nobody mailbox.

That attacked Imail ISP for whom I installed IMGate last is, DAILY, 
rejecting 300k msgs, over 10k /hour, with IMGate.  Who TF wants to see all 
that stuff in the nobody mailbox?

Who TF even wants that stuff, NUL or not, flowing into your mailbox 
server consuming resources?

So, I can't see where Imail is vulnerable to Glock's harvesting tool.

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
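
An added example, not part of the original message or of any product discussed in it: a small log check that counts, per client IP, the distinct RCPT TO addresses tried and the "invalid user" rejects, so a dictionary-style probe stands out. The field layout is inferred from the excerpts quoted above; the function names, thresholds and sample lines are constructed for illustration. With a ''nobody'' alias enabled no reject lines are written, so the distinct-recipient count is the only signal left.

```python
import re
from collections import defaultdict

# Layout inferred from the quoted excerpts: "MM:DD HH:MM SMTPD(session) [ip] text"
LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTPD\((\w+)\) \[([^\]]+)\] (.*)$")

# Constructed sample lines (documentation IPs and domains), not real traffic.
SAMPLE = """\
09:18 20:22 SMTPD(03D70078) [203.0.113.5] connect 192.0.2.10 port 1979
09:18 20:22 SMTPD(03D70078) [192.0.2.10] MAIL FROM:<a@example.net>
09:18 20:22 SMTPD(03D70078) [192.0.2.10] RCPT TO:<aaron@example.com>
09:18 20:22 SMTPD(03D70078) [192.0.2.10] ERR mail.example.com invalid user <aaron@example.com>
09:18 20:22 SMTPD(03D70078) [192.0.2.10] RCPT TO:<abby@example.com>
09:18 20:22 SMTPD(03D70078) [192.0.2.10] ERR mail.example.com invalid user <abby@example.com>
09:18 20:22 SMTPD(03D70078) [192.0.2.10] RCPT TO:<adam@example.com>
09:18 20:22 SMTPD(03D70078) [192.0.2.10] ERR mail.example.com invalid user <adam@example.com>
09:18 20:23 SMTPD(03D80078) [203.0.113.5] connect 198.51.100.7 port 2044
09:18 20:23 SMTPD(03D80078) [198.51.100.7] MAIL FROM:<b@example.org>
09:18 20:23 SMTPD(03D80078) [198.51.100.7] RCPT TO:<sales@example.com>
""".splitlines()

def rcpt_stats(lines):
    """Per client IP: distinct RCPT TO addresses and count of 'invalid user' rejects."""
    stats = defaultdict(lambda: {"rcpts": set(), "invalid": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        _session, ip, text = m.groups()
        if text.startswith("connect "):
            continue  # inferred: the bracketed IP here is the local listener, not the client
        if text.upper().startswith("RCPT TO:"):
            stats[ip]["rcpts"].add(text[8:].strip(" <>").lower())
        elif text.startswith("ERR ") and "invalid user" in text:
            stats[ip]["invalid"] += 1
    return stats

def suspects(lines, max_invalid=3, max_rcpts=20):
    """Client IPs at or over either threshold (threshold values are illustrative)."""
    return sorted(ip for ip, s in rcpt_stats(lines).items()
                  if s["invalid"] >= max_invalid or len(s["rcpts"]) >= max_rcpts)

if __name__ == "__main__":
    for ip in suspects(SAMPLE):
        s = rcpt_stats(SAMPLE)[ip]
        print(ip, "distinct rcpts:", len(s["rcpts"]), "invalid:", s["invalid"])
```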

