Re: smtpd_helo_required compliance with the RFC

Ansgar Wiechers Sun, 27 Dec 2009 11:23:10 -0800

On 2009-12-26 Stan Hoeppner wrote:
> Len Conrad put forth on 12/26/2009 3:49 PM:
>> Requiring HELO is hardly an RFC-abusive setting.  I expect almost no
>> legit, nor illegit, SMTP servers send EXPN or VRFY before helo, 
> 
> I'll add that just about everyone disables VRFY these days to prevent
> valid address harvesting,


Which, of course, is utterly pointless.

HELO example.org
MAIL FROM:<pr...@example.org>
RCPT TO:<address_to_be_verif...@example.net>
QUIT

Either your domain's valid addresses can be enumerated, or you're a
backscatterer. Take your pick.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

Re: smtpd_helo_required compliance with the RFC

Reply via email to