Prev: address rewriting for remote clients
Next: Rejecting invalid email addresses with SMTP relay/forward
From: Philippe Cerfon on 27 Dec 2009 12:40
On Sun, Dec 27, 2009 at 6:35 PM, Christoph Anton Mitterer
<christoph.anton.mitterer(a)physik.uni-muenchen.de> wrote:
> Regards,
> Philippe
Uhm?! Aren't you Christoph? :-P
The bad face of identity theft ^^

Philippe.

From: Philippe Cerfon on 27 Dec 2009 12:43
On Sun, Dec 27, 2009 at 6:25 PM, Wietse Venema <wietse(a)porcupine.org> wrote:
> Without sending EHLO the client cannot know that the server supports
> ETRN, AUTH, etc., therefore such clients are not compliant. Perhaps
> some study of RFC 1869 is in order.
Ah,.. well ok,.. so far I just read the rfc5321 chater on ordering of commands..

Best wishes,
Philippe

From: Christoph Anton Mitterer on 27 Dec 2009 12:46
Quoting Philippe Cerfon <philcerf(a)googlemail.com>:
>> Regards,
>> Philippe
> Uhm?! Aren't you Christoph? :-P
> The bad face of identity theft ^^
Oops,.. ^^ That comes from not cleanly removing quotes ^^

Cheers,
Chris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From: Ansgar Wiechers on 27 Dec 2009 14:22
On 2009-12-26 Stan Hoeppner wrote:
> Len Conrad put forth on 12/26/2009 3:49 PM:
>> Requiring HELO is hardly an RFC-abusive setting. I expect almost no
>> legit, nor illegit, SMTP servers send EXPN or VRFY before helo,
>
> I'll add that just about everyone disables VRFY these days to prevent
> valid address harvesting,

Which, of course, is utterly pointless.

HELO example.org
MAIL FROM:<probe(a)example.org>
RCPT TO:<address_to_be_verified(a)example.net>
QUIT

Either your domain's valid addresses can be enumerated, or you're a
backscatterer. Take your pick.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

From: John Peach on 27 Dec 2009 15:32
On Sun, 27 Dec 2009 20:22:33 +0100
Ansgar Wiechers <lists(a)planetcobalt.net> wrote:

> On 2009-12-26 Stan Hoeppner wrote:
> > Len Conrad put forth on 12/26/2009 3:49 PM:
> >> Requiring HELO is hardly an RFC-abusive setting. I expect almost no
> >> legit, nor illegit, SMTP servers send EXPN or VRFY before helo,
> >
> > I'll add that just about everyone disables VRFY these days to prevent
> > valid address harvesting,
>
> Which, of course, is utterly pointless.
>
> HELO example.org
> MAIL FROM:<probe(a)example.org>
> RCPT TO:<address_to_be_verified(a)example.net>
> QUIT
>

wrong.

there is a world of difference between;

502 5.5.1 VRFY command is disabled

and

250 2.1.5 Ok

or

550 5.1.1 <redacted> Recipient address rejected




--
John

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: address rewriting for remote clients
Next: Rejecting invalid email addresses with SMTP relay/forward