James B. Byrne:
> However, the question arises as to how these local delivery addresses
> are being harvested? Some of these are used very infrequently and
> some of them have not been active for years. It seems remarkable that
> addresses that are known to only be used for one purpose, say bugzilla
> or readhat network, are found in these attacks.
The names may have been harvested from a compromised user machine.
> Is there some way for remote unauthenticated users to query postfix in
> such a fashion as to effectively walk the virtual domain list for
> local delivery addresses? If so then what is it and how can it be
> prevented. Or should it?
As far as I know, there is no SMTP command to 'list' a local database.
That is, unless there is some kind of LDAP or SQL injection bug.
Wietse
