Aleph, for some reason this didn't seem to make it the first time so I'm resubmitting. If you were holding up on releasing it while checking with Gordano then just trash this copy.

Before I begin, I posted this to Gordano's mail list for NTmail this morning (11/29/99), but despite it being posted I can't seem to even get a reaction out of anyone over there. They have enough traffic and posts that I would have hoped to at least get someone to confirm this but I guess they don't consider this important. I would appreciate it if anyone here can verify this and if you find a solution please let me know.

For those of you running NTmail version 4 or 5: in the configuration screens there is an option on the ESMTP settings to turn the VRFY command off. I had my mail servers set that way knowing in my heart that VRFY is then disabled. Well, today I'm running David's CIS.EXE program and lo and behold it shows me that my mail servers have VRFY turned ON!!

What does this mean, you ask? Well, the spammers use scripts to harvest email addresses. These scripts basically run a brute force "attack" on a mail server trying a dictionary of common email addresses to see if they exist; they harvest the ones they can confirm as active. With the vrfy command enabled it makes this incredibly easy. Here is a sample session:

    J:\>netcat mail.gordano.com 25
    220 mail.net-shopper.co.uk NTMail (v5.01.0003/AB0000.00.719cfeeb) ready for ESMTP transfer
    vrfy johns
    250 johns@net-shopper.co.uk <johns@net-shopper.co.uk>.
    vrfy postmaster
    250 postmaster@net-shopper.co.uk <postmaster@net-shopper.co.uk>.
    vrfy xxxxx
    557 String does not match anything.

As you can see, the mail server happily tells them not only when they hit an active account but it gives them the domain name, making it very easy to write a single script that can be used against ALL NTmail 4 or 5 servers for email address harvesting.

Geo.
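For administrators who want to check a transcript captured from their own server, the following is an added example and not part of the original post: it parses VRFY exchanges and reports whether the replies confirm accounts, merely differ between names, or are uniform. The function names `parse_vrfy` and `assess`, the verdict labels, and the `UNIFORM_SESSION` sample are assumptions made for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")      # code, continuation flag, text
ADDR = re.compile(r"<([^<>@\s]+@[^<>\s]+)>")    # mailbox echoed back in a reply
CONFIRMING = {250, 251}                         # RFC 5321: address recognised

# Replies copied from the session quoted in the post.
PAGE_SESSION = """220 mail.net-shopper.co.uk NTMail (v5.01.0003/AB0000.00.719cfeeb) ready for ESMTP transfer
vrfy johns
250 johns@net-shopper.co.uk <johns@net-shopper.co.uk>.
vrfy postmaster
250 postmaster@net-shopper.co.uk <postmaster@net-shopper.co.uk>.
vrfy xxxxx
557 String does not match anything."""

# Constructed sample: a server that gives the same non-committal reply to all.
UNIFORM_SESSION = """220 mail.example.test ESMTP ready
vrfy johns
252 Cannot VRFY user, but will accept message and attempt delivery
vrfy xxxxx
252 Cannot VRFY user, but will accept message and attempt delivery"""

def parse_vrfy(transcript):
    """Return [(argument, code, text)] for each VRFY command in a transcript."""
    results, pending, text = [], None, []
    for line in map(str.strip, transcript.splitlines()):
        m = REPLY.match(line)
        if line.lower().startswith("vrfy "):
            pending, text = line[5:].strip(), []
        elif pending is not None and m:
            text.append(m.group(3))
            if m.group(2) == " ":    # final line of a possibly multi-line reply
                results.append((pending, int(m.group(1)), " ".join(text)))
                pending = None
    return results

def assess(transcript):
    """Classify how much the VRFY replies in a transcript disclose."""
    replies = parse_vrfy(transcript)
    codes = sorted({code for _, code, _ in replies})
    leaked = sorted({a for _, code, t in replies if code in CONFIRMING
                     for a in ADDR.findall(t)})
    if not replies:
        verdict = "no-vrfy-seen"
    elif CONFIRMING & set(codes):
        verdict = "confirms-accounts"
    else:
        verdict = "distinguishes-accounts" if len(codes) > 1 else "uniform"
    return {"verdict": verdict, "codes": codes, "leaked": leaked}
```

Run against the session in the post, `assess` reports `confirms-accounts` with both echoed mailboxes listed; a server that really has VRFY off should produce the `uniform` verdict for valid and invalid names alike.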