
Re: RFC#15 - sendmail configuration



What's the fuss about VRFY?!

Trying 2001:8e0:666:1::1...
Connected to sanity.ipv6.dominion.ch.
Escape character is '^]'.
220 sanity.dominion.ch ESMTP Dominion Message Host
ehlo atlantis.dolphins.ch
250-sanity.dominion.ch
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
VRFY phoenix_(_at_)_dominion_(_dot_)_ch
252 phoenix_(_at_)_dominion_(_dot_)_ch
VRFY _syslogd
504 <_syslogd>: Recipient address rejected: need fully-qualified address
VRFY _syslogd_(_at_)_sanity_(_dot_)_dominion_(_dot_)_ch
252 _syslogd_(_at_)_sanity_(_dot_)_dominion_(_dot_)_ch
RSET
250 Ok
mail from: <>
250 Ok
rcpt to: <phoenix_(_at_)_dominion_(_dot_)_ch>
250 Ok

I can do the same with an "SMTP Interruptus", so I prefer that folks use VRFY to get my address right... but it's noted that I know of
nobody and no service that makes use of VRFY...

I agree that EXPN is a little bit nasty - especially because it leads to a program that might be running suid root.

But I guess it's part of the "game" - Even if I show you where my binary is, your hands never get at it ;P

my 2c
Philipp

On Mon, Nov 10, 2003 at 17:29:17 +0100, Ed White wrote:
> Request to disable by default VRFY and EXPN commands.
> 
> When raptor (@antifork.org) told me I couldn't believe it.
> OpenBSD, secure-by-default, doesn't take this well known restriction measure.
> If it's true that by default sendmail binds on localhost, it's also true that
> most people _trust_ OpenBSD and so they don't check what's going on...
> 
> Well, if you think this is a well known fact take a look:
> 
> $ nslookup -type=MX openbsd.org
> openbsd.org     preference = 10, mail exchanger = cvs.openbsd.org
> openbsd.org     preference = 7, mail exchanger = openbsd.cs.colorado.edu
> 
> We found that "openbsd.cs.colorado.edu" is the primary OpenBSD mail server.
> Would it support VRFY and EXPN ?
> 
> $ telnet openbsd.cs.colorado.edu 25
> Trying 128.138.207.242...
> Connected to openbsd.cs.colorado.edu.
> Escape character is '^]'.
> 220 openbsd.org ESMTP Sendmail 8.12.10/8.12.10/millert ready willing and able 
> at Mon, 10 Nov 2003 04:10:07 -0700 (MST)
> VRFY root
> 250 2.1.5 <root_(_at_)_openbsd_(_dot_)_cs_(_dot_)_colorado_(_dot_)_edu>
> VRFY www
> 250 2.1.5 <www_(_at_)_openbsd_(_dot_)_cs_(_dot_)_colorado_(_dot_)_edu>
> VRFY hackers
> 250 2.1.5 <hackers_(_at_)_openbsd_(_dot_)_cs_(_dot_)_colorado_(_dot_)_edu>
> VRFY gobbles
> 550 5.1.1 gobbles... User unknown
> VRFY _syslogd
> 250 2.1.5 Syslog Daemon <_syslogd_(_at_)_openbsd_(_dot_)_cs_(_dot_)_colorado_(_dot_)_edu>
> VRFY _x11
> 250 2.1.5 X server <_x11_(_at_)_openbsd_(_dot_)_cs_(_dot_)_colorado_(_dot_)_edu>
> EXPN hackers
> 250 2.1.5 <"|/var/mj2/bin/mj_enqueue -r -d openbsd.org -l hackers -P20 -p20">
> EXPN misc
> 250 2.1.5 <"|/var/mj2/sbin/runprocmail misc">
> EXPN tech
> 250 2.1.5 <"|/var/mj2/sbin/runprocmail tech">
> EXPN ports
> 250 2.1.5 <"|/var/mj2/sbin/runprocmail ports">
> EXPN bugs
> 250 2.1.5 <"|/var/mj2/sbin/runprocmail bugs">
> expn microsoft-lovers
> 550 5.1.1 microsoft-lovers... User unknown
> quit
> 221 2.0.0 openbsd.cs.colorado.edu closing connection
> Connection closed by foreign host.
> 
> 
> On this page (http://www.burningvoid.com/iaq/expn-vrfy.html) you can find
> a detailed explanation about VRFY/EXPN abuse and how to prevent it.
> 
> 
> 	Ed
> 
> 
> # http://hacking.openbsd.it/
> 

-- 
     _;\_    Philipp Morger / PHM2-RIPE     System & Network Administrator 
    /_.  \   Dolphins Network Systems AG    Phone +41-1-847'45'45
   |/ -\ .)  Email:			    <philipp_(_dot_)_morger_(_at_)_dolphins_(_dot_)_ch>
 -'^`-   \;  Don't send mail to:	    plonk_(_at_)_caretaker_(_dot_)_dolphins_(_dot_)_ch
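
An added example, not part of either poster's message: a small audit script that reads a captured SMTP session and separates the two behaviours shown in this thread, a 252 reply that discloses nothing from a 250 reply that confirms an account or exposes the program behind an alias. The transcript, host name, addresses and category labels are constructed for illustration.

```python
import re

# Constructed transcript modelled on the sessions quoted in this thread
# (host, addresses and the handler path are placeholders, not real systems).
SAMPLE = """\
VRFY root
250 2.1.5 <root@mail.example.org>
VRFY _syslogd
250 2.1.5 Syslog Daemon <_syslogd@mail.example.org>
VRFY nosuchuser
550 5.1.1 nosuchuser... User unknown
VRFY alice@example.org
252 alice@example.org
EXPN somelist
250 2.1.5 <"|/usr/local/bin/list-handler somelist">
"""

CMD = re.compile(r"^(VRFY|EXPN)\s+(\S+)", re.I)
REPLY = re.compile(r"^(\d{3})[ -](.*)$")

def classify(code, text):
    """Map one SMTP reply to what it tells the client (labels are ours)."""
    if code == "252":
        return "no-disclosure"          # RFC 5321: cannot verify, will accept
    if code.startswith("5"):
        return "denied-or-unknown"
    if code.startswith("2"):
        if '"|' in text or "<|" in text:
            return "leaks-program-path"  # alias expands to a piped program
        return "confirms-account"
    return "other"

def audit(transcript):
    """Return (command, argument, reply code, category) per reply line."""
    findings, pending = [], None
    for line in transcript.splitlines():
        m = CMD.match(line)
        if m:
            pending = (m.group(1).upper(), m.group(2))
            continue
        r = REPLY.match(line)
        if r and pending:
            findings.append((*pending, r.group(1), classify(r.group(1), r.group(2))))
            if line[3:4] != "-":         # last line of a multi-line reply
                pending = None
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

A server that answers 250 for real accounts and 550 for unknown ones lets the two replies be told apart, which is why the 550 line is reported alongside the 250 lines rather than dropped.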


