[ On Wednesday, February 5, 2003 at 20:54:19 (+0000), Andy Bastien wrote: ] > Subject: email address probes > > I'd like to be able to stop these attempts, but I can't think of a way > to do it. If there's no local user for the "attempt" then the most correct way, and I suppose best and only proper way, to answer the invalid "RCPT TO:" is indeed with just a plain simple "550 User unknown" (or "550-5.1.1 User unknown" if your server supports ESMTP ESN). If the connections come fast and furious from the same remote server then you can introduce a delay before you send your reject reply status code, or even send a "550-User unknown" line, then pause for up to a minute or two, and finally a "550 Thanks for trying!" line. Some people call this scheme a "tar pit" -- it slows down a rabid sender because it forces it to wait for the last line of the multi-line 550 message. -- Greg A. Woods +1 416 218-0098; <g.a.woodsat_private>; <woodsat_private> Planix, Inc. <woodsat_private>; VE3TCP; Secrets of the Weird <woodsat_private> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 09:11:13 PST