On 2017-11-05 Paul Graham <[email protected]> wrote:
> Package: exim4-config
> Version: 4.90~RC1-1
> Severity: normal

> Dear Maintainer,

> *** Reporter, please consider answering these questions, where appropriate ***

>    * What led up to the situation?

> This recently came up in Exim logs:

> 2017-11-03 16:22:39 H=(ws2008) [10.20.30.40] F=<[email protected]> 
> rejected RCPT <[email protected]>: Sender verify failed
[...]
> It reveals that an attacker took advantage that sender verification happens 
> before relay checks to perform a brute force scan that revealed valid 
> addresses in our domain.

>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?

> We moved sender verification so that it happens after relay check.

>    * What was the outcome of this action?

> After this change, it's no longer possible for an attacker to use this 
> technique to extract information. All their attempts would result in "relay 
> not permitted" regardless of sender address.
[...]

I do not see the attacker gain, the same information can be extracted by
trying out RCPT TO *@omega-software.com with FROM [email protected].

What am I missing?

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply via email to