On 9/7/2010 10:23 AM, Claudio Prono wrote:
Noel Jones ha scritto:
On 9/7/2010 5:16 AM, Claudio Prono wrote:
Hello all,
I use Postfix with mysql database for the users lookup. I have recently
found an information leak with the RCPT TO command.
..
Any hint is well accepted.
This is a basic function of the SMTP protocol.
Ok, this is right, but is also an information leak... with rcpt to i can
enumerate the local users of the system, and for me this is not too
good... No way to fix this?
This is part of the design of SMTP. You can call it a feature
or a flaw or an information leak, but it's still part of the
design. This is not postfix specific; it is a design feature
of every software that implements SMTP.
I would suggest investing in a few good books on SMTP to
prevent asking further sophomoric questions.
-- Noel Jones
