Prev-20 Home Next-20 2 msg Duplicate messages with always_bcc 14 msg [OT] Saving outgoing email Gmail style 3 msg 451 error 10 msg Postfix 2.5 release candidate (and 2.6 snapshot... 2 msg postfix errors when sending smtp auth via yahoo 4 msg Documentation enhancement: Adjusting DB file pe... I don't want Postfix to confirm users via telnet \ Alejandro Facultad (15 Jan 2008) . \ Matt Hayes (15 Jan 2008) . . \ Alejandro Facultad (15 Jan 2008) . . . \ Matt Hayes (15 Jan 2008) . . . \ Noel Jones (15 Jan 2008) . . . . \ Charles Marcus (15 Jan 2008) . . . . . \ Noel Jones (15 Jan 2008) . . . . . . \ Brian Collins (15 Jan 2008) . \ mouss (15 Jan 2008) . \ Geert Hendrickx (15 Jan 2008) . \ Brian Evans (15 Jan 2008) 3 msg Question on Earthlink and dnsbl.sorbs.net 36 msg Re: Enforced Outbound TLS (part deux) 6 msg smtpd_proxy_filter to unix: problem 4 msg Again troubles with postfix and cyrus-sasl 3 msg Exclude local host from smtpd_proxy_filter 4 msg transport nexthop nexthop 3 msg TLS has been selected, but TLS support is not c... 2 msg Which documentation to read for this.. 4 msg Exchange 2003 to Postfix maildir migration 7 msg virtual_mailbox_base & LDAP 12 msg Enforced Outbound TLS 2 msg postfix+maildrop error 10 msg Outgoing IP address Prev-20 Home Next-20

Prev-Msg Prev-Thread Postfix-users Jan-2008 Next-Thread Next-Msg Subject: Re: I don't want Postfix to confirm users via telnet Group: Postfix-users From: Brian Evans Date: 15 Jan 2008 Alejandro Facultad wrote: > Dear all, I have a Postfix mail server and when someone execute > "telnet mail.company.com.ar 25", after that I use my test > account to send a mesaage and test my server: > > mail from: test <mailto:test> > 250 2.1.0 Ok > rcpt to: invalid_user <mailto:aa> > 550 5.1.1 <invalid_user <mailto:aa>>: > Recipient address rejected: User > unknown in virtual mailbox table > rcpt to: valid_user <mailto:mailvalido2> > 250 2.1.5 Ok > > Here I can see a hacker can put mail users in "RCPT TO"and verify they > exist. I don't want this because a hacker can make test several mail > users and after that he makes a list with valid users and use this > list for spam. > > How can I setup Postfix to respond always "Invalid user" inclusive the > "rcpt to" mail user exist, if someone do a telnet like above ??? > > Thanks a lot > > Alejandro > Personally, I've found a combination of DNSWL (to whitelist big domain IPs past blacklist checks), policyd-weight (to check blacklists and HELOs) to prevent a good portion of dictionary attacks from the outside world. I also use amavisd-new as a SpamAssassin and Virus checker. This keeps my Postfix run company email fairly clean. (I'll never expect 100% of course.) Brian Prev-Msg Prev-Thread Postfix-users Jan-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com