sendmail 8.9.3 patches to curb RCPT harvesters

From: Peter W (peterwat_private)
Date: Thu Mar 11 1999 - 16:31:21 PST


    Aleph One wrote:
    
    > I am killing the spam address harvesting thread unless someone posts some
    > actual code.
    
    Per Joseph's suggestion. Use these patches against sendmail 8.9.3 and add
    
    O RCPTFailDelay=30
    
    to sendmail.cf to make sendmail sleep() for 30 seconds before reporting any
    "550" errors. Set the value to 0 for "normal" behavior.
    
    Note that RFC 1123 suggests RCPT responses be returned in less than 5 minutes
    (if they're verified immediately -- 1123 allows verification of RCPT to be
    deferred and notes that a "250" response does not guarantee the address is
    legit). Eric Allman argues in doc/op/op.ps that sending SMTP agents ought to
    wait an hour. Choose wisely.
    
    This quick modification should at least frustrate current** RCPT abuse tools,
    give admins more time to notice the failures in the maillog and react, and not
    confuse mailers that legitimately send multiple RCPT commands to known
    addresses.
    
    -Peter
    
    ** Eventually I think sys admins would want to defer all RCPT verifications
    until after the DATA transmission, erroring with 554 if there is a single
    invalid RCPT address, to make SMTP username-harvesting visible. SMTP senders
    would need to be sure they heeded RFC 1123 section 5.2.7 regarding the meaning
    of a 250 response to RCPT.
    
    --
    Q: How could China track down and punish dissidents more effectively?
    A: The new Pentium III chip!  http://www.privacy.org/bigbrotherinside/
        Intel doesn't care about your privacy. Join the boycott today.
    
    $ diff -C 2 sendmail.h.orig sendmail.h
    *** sendmail.h.orig     Thu Mar 11 07:57:42 1999
    --- sendmail.h  Thu Mar 11 08:06:51 1999
    ***************
    *** 1293,1296 ****
    --- 1293,1298 ----
      EXTERN int    MaxMimeHeaderLength;    /* maximum MIME header length */
      EXTERN int    MaxMimeFieldLength;     /* maximum MIME field length */
    + EXTERN int    RCPTFailDelay;
    +       /* delay before report user does not exist to inbound SMTP commands */
    
      extern int    errno;
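
Review bot: The comment for RCPTFailDelay sits on its own line under the declaration and gives no unit, unlike the trailing comments on the two MaxMime entries just above it. Put it on the declaration line and state that the value is in seconds, for example `EXTERN int RCPTFailDelay; /* seconds to wait before sending a 550 reply */`.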
    
    
    $ diff -C 2 readcf.c.orig readcf.c
    *** readcf.c.orig       Thu Mar 11 07:57:52 1999
    --- readcf.c    Thu Mar 11 08:15:29 1999
    ***************
    *** 1532,1535 ****
    --- 1532,1537 ----
            { "MaxHeadersLength",           O_MAXHDRSLEN,   FALSE   },
      #endif
    + #define O_RCPTFAILDELAY       0xab
    +       { "RCPTFailDelay",              O_RCPTFAILDELAY,        FALSE   },
            { NULL,                         '\0',           FALSE   }
      };
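
Review bot: The `#define O_RCPTFAILDELAY 0xab` line picks a hard-coded option code, and nothing in this hunk shows that 0xab is unused. Check it against the other O_ codes in readcf.c before applying, because a collision would give the switch in the next hunk a duplicate case label.
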
    ***************
    *** 2211,2214 ****
    --- 2213,2220 ----
              case O_MAXCHILDREN:   /* max # of children of daemon */
                    MaxChildren = atoi(val);
    +               break;
    +
    +         case O_RCPTFAILDELAY: /* delay before reporting user does not exist */
    
    +               RCPTFailDelay = atoi(val);
                    break;
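
Review bot: `RCPTFailDelay = atoi(val);` stores whatever atoi returns with no range check, and the err.c hunk passes that int straight to sleep(), which takes an unsigned argument. A negative setting would become a very long delay; reject or clamp values below 0 here, and consider an upper bound in line with the RFC 1123 timing the message cites.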
    
    
    $ diff -C 2 err.c.orig err.c
    *** err.c.orig  Thu Mar 11 08:05:41 1999
    --- err.c       Thu Mar 11 08:12:58 1999
    ***************
    *** 526,529 ****
    --- 526,532 ----
            eb += 4;
            spaceleft -= 4;
    +
    +       if ((num != NULL)  && (strncmp(num, "550", 3) == 0) )
    +               sleep(RCPTFailDelay);
    
            /* output the file name and line number */
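
Review bot: The `strncmp(num, "550", 3) == 0` test matches every 550 message that passes through this formatting code, not only replies to RCPT, and the sleep() runs in the process that is serving the connection, so each delayed reply holds that process for the full RCPTFailDelay. Skip the call when RCPTFailDelay is 0 or less, and gate it on an inbound SMTP session that is answering RCPT so other 550 errors are not delayed as well.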
    

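The footnote in the message proposes deferring RCPT verification until after DATA. The sketch below is an added example, not part of the original post or of sendmail: it compares the reply codes a client sees under immediate and deferred verification. The mailbox table, the probe list and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed mailbox table (assumption): stands in for the real user lookup. */
static const char *const LOCAL_USERS[] = { "alice", "bob", NULL };

static int user_exists(const char *user)
{
    for (int i = 0; LOCAL_USERS[i] != NULL; i++)
        if (strcmp(LOCAL_USERS[i], user) == 0)
            return 1;
    return 0;
}

/* Immediate verification: every RCPT reply says whether the mailbox exists. */
int rcpt_reply_immediate(const char *user)
{
    return user_exists(user) ? 250 : 550;
}

/* Deferred verification: remember failures, answer 250 to every RCPT. */
struct deferred_session { int rcpts; int invalid; };

int rcpt_reply_deferred(struct deferred_session *s, const char *user)
{
    s->rcpts++;
    if (!user_exists(user))
        s->invalid++;
    return 250; /* RFC 1123 5.2.7: 250 to RCPT does not promise a valid address */
}

/* Reply once the message body has been received: one verdict for the whole list. */
int end_of_data_reply(const struct deferred_session *s)
{
    return s->invalid > 0 ? 554 : 250;
}

int main(void)
{
    const char *probe[] = { "alice", "admin", "bob", "root" }; /* constructed */
    struct deferred_session s = { 0, 0 };

    for (int i = 0; i < 4; i++)
        printf("RCPT %-5s immediate=%d deferred=%d\n", probe[i],
               rcpt_reply_immediate(probe[i]), rcpt_reply_deferred(&s, probe[i]));
    printf("end of DATA (deferred) = %d, %d of %d recipients invalid\n",
           end_of_data_reply(&s), s.invalid, s.rcpts);
    return 0;
}
```

Under the deferred policy the per-address replies are identical, and the single 554 after the body tells the sender only that at least one recipient was rejected.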


    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:52 PDT