Aleph One wrote: > I am killing the spam address harvesting thread unless someone posts some > actual code. Per Joseph's suggestion. Use these patches against sendmail 8.9.3 and add O RCPTFailDelay=30 to sendmail.cf to make sendmail sleep() for 30 seconds before reporting any "550" errors. Set the value to 0 for "normal" behavior. Note that RFC 1123 suggests RCPT responses be returned in less than 5 minutes (if they're verified immediately -- 1123 allows verification of RCPT to be deferred and notes that a "250" response does not guarantee the address is legit). Eric Allman argues in doc/op/op.ps that sending SMTP agents ought to wait an hour. Choose wisely. This quick modification should at least frustrate current** RCPT abuse tools, give admins more time to notice the failures in the maillog and react, and not confuse mailers that legitimately send multiple RCPT commands to known addresses. -Peter ** Eventually I think sys admins would want to defer all RCPT verifications until after the DATA transmission, erroring with 554 if there is a single invalid RCPT address, to make SMTP username-harvesting visible. SMTP senders would need to be sure they heeded RFC 1123 section 5.2.7 regarding the meaning of a 250 response to RCPT. -- Q: How could China track down and punish dissidents more effectively? A: The new Pentium III chip! http://www.privacy.org/bigbrotherinside/ Intel doesn't care about your privacy. Join the boycott today. $ diff -C 2 sendmail.h.orig sendmail.h *** sendmail.h.orig Thu Mar 11 07:57:42 1999 --- sendmail.h Thu Mar 11 08:06:51 1999 *************** *** 1293,1296 **** --- 1293,1298 ---- EXTERN int MaxMimeHeaderLength; /* maximum MIME header length */ EXTERN int MaxMimeFieldLength; /* maximum MIME field length */ + EXTERN int RCPTFailDelay; + /* delay before report user does not exist to inbound SMTP commands */ extern int errno; $ diff -C 2 readcf.c.orig readcf.c *** readcf.c.orig Thu Mar 11 07:57:52 1999 --- readcf.c Thu Mar 11 08:15:29 1999 *************** *** 1532,1535 **** --- 1532,1537 ---- { "MaxHeadersLength", O_MAXHDRSLEN, FALSE }, #endif + #define O_RCPTFAILDELAY 0xab + { "RCPTFailDelay", O_RCPTFAILDELAY, FALSE }, { NULL, '\0', FALSE } }; *************** *** 2211,2214 **** --- 2213,2220 ---- case O_MAXCHILDREN: /* max # of children of daemon */ MaxChildren = atoi(val); + break; + + case O_RCPTFAILDELAY: /* delay before reporting user does not exist */ + RCPTFailDelay = atoi(val); break; $ diff -C 2 err.c.orig err.c *** err.c.orig Thu Mar 11 08:05:41 1999 --- err.c Thu Mar 11 08:12:58 1999 *************** *** 526,529 **** --- 526,532 ---- eb += 4; spaceleft -= 4; + + if ((num != NULL) && (strncmp(num, "550", 3) == 0) ) + sleep(RCPTFailDelay); /* output the file name and line number */
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:52 PDT