[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rejecting unknown users

On Mon, Nov 10, 2003 at 07:36:25AM +0100, Damir Horvat wrote:
> On Sun, Nov 09, 2003 at 07:08:25PM -0600, Roy Bixler wrote:
> > This is documented at
> > "http://www.zmailer.org/zman/zadm-smtpserver.shtml".  You need to turn
> > on the "enable-router" option and then set the appropriate "EHLO-style
> > options" for checking "from" addresses, "to" addresses or both.  The
> > default "smtpserver.conf" file contains comments which should help you
> > do this.
> I have smtpserver running with '-sve -l /path/to/log/file',
> smtpserver.conf has 'enable-router' uncommented and following helo/ehlo
> options are set:
> \[*\]               999 ftveR
> *                   999 ftveR
> Roy, I hope this is what you were talking about?

Yes, it was.

> When I telnet to zmailer from remote host it says 'Ok(verified) Ok'
> for both, mail from: and rcpt to: addresses. However, it still accepts
> mail for <no_such_user_here@x-si.org>.

Why would it "verify OK" a non-existent user?  I see you've gotten
some better answers anyway.

Even if you get this setup working, it's far from obvious that it's
better than the default SMTP server behaviour.  Apart from the
security warnings and the increased system overhead that go with
running the router alongside of the SMTP server, it would ease
dictionary attacks.  On the other hand, it is appealing not to have to
accept junk for non-existent users in the first place.

Roy Bixler <rcb@ucp.uchicago.edu>
The University of Chicago Press
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi