SMTP VRFY and EXPN commands are individually logged in a form such as one of
the following:
Sep 22 11:40:43 yourhost sendmail[pid]: other.host: vrfy all
Sep 22 11:40:43 yourhost sendmail[pid]: [222.33.44.55]: vrfy all
Sep 22 11:40:43 yourhost sendmail[pid]: other.host: expn all
Sep 22 11:40:43 yourhost sendmail[pid]: [222.33.44.55]: expn all
This shows that someone from the outside (other.host in the first and third examples)
attempted to probe for usernames in the mailing list named all. In the second
and last examples, the probing hostname could not be found, so the IP address is
printed instead (in the square brackets). Note that this form of logging is enabled
only if the LogLevel option (§24.9.61 on page 1040) is greater than 5.
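The following Python sketch is an added example, not code from the book or from sendmail: it parses log lines in the form shown above and reports clients that probed several distinct names. The function names, the `min_targets` threshold and the sample log are assumptions made for illustration, and the lines it looks for exist only when LogLevel is greater than 5.

```python
import re
from collections import defaultdict

# Matches the form shown above:
#   "<Mon DD HH:MM:SS> <loghost> sendmail[<pid>]: <client>: vrfy|expn <address>"
# <client> is a hostname, or an IP address in square brackets when the
# probing host's name could not be found.
PROBE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<loghost>\S+) "
    r"sendmail\[(?P<pid>[^\]]+)\]: (?P<client>\[[^\]]+\]|[^\s:]+): "
    r"(?P<cmd>vrfy|expn) (?P<target>.+)$",
    re.IGNORECASE,
)

def parse_probe(line):
    """Return a dict for a VRFY/EXPN log line, or None for any other line."""
    m = PROBE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].lower()
    # False when only the bracketed IP address was logged.
    rec["resolved"] = not rec["client"].startswith("[")
    return rec

def summarize(lines, min_targets=3):
    """Map each client that probed >= min_targets distinct (command, name)
    pairs to the sorted list of those pairs."""
    probes = defaultdict(set)
    for line in lines:
        rec = parse_probe(line)
        if rec:
            probes[rec["client"]].add((rec["cmd"], rec["target"]))
    return {c: sorted(p) for c, p in probes.items() if len(p) >= min_targets}

# Constructed sample log: PIDs, names and the final non-probe line are made up.
SAMPLE_LOG = """\
Sep 22 11:40:41 yourhost sendmail[2101]: [222.33.44.55]: vrfy root
Sep 22 11:40:42 yourhost sendmail[2101]: [222.33.44.55]: vrfy admin
Sep 22 11:40:43 yourhost sendmail[2101]: [222.33.44.55]: expn all
Sep 22 11:41:07 yourhost sendmail[2102]: other.host: vrfy all
Sep 22 11:42:00 yourhost sendmail[2103]: l8MIg0x9002103: from=<a@other.host>, size=512
"""

if __name__ == "__main__":
    for client, pairs in summarize(SAMPLE_LOG.splitlines()).items():
        print(client, pairs)
```

A single `vrfy` from one host, like other.host in the sample, stays below the threshold; lower `min_targets` to 1 to list every probing client.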
* See the F=q flag (§20.8.41 on page 778) for a way and reason to change this SMTP reply code to 252.
† The fingerd(8) daemon can also reveal login IDs.
‡ The GNU fingerd(8) daemon also uses VRFY to provide mailbox information.
Copyright © 2007 O'Reilly & Associates, Inc. All rights reserved.
160 | Chapter 4: Maintain Security with sendmail
Pre-V8 versions of sendmail do not report SMTP VRFY or EXPN attempts at all.
Some versions of sendmail (such as the HP-UX version) appear to verify but really
only echo the address stated.
V8 sendmail allows VRFY and EXPN services to be accepted or rejected on the basis
of the setting of the PrivacyOptions option (§24.