Quoting Claudio Prono <claudio.pr...@atpss.net>:

> Hello all,
>
> I use Postfix with mysql database for the users lookup. I have recently
> found an information leak with the RCPT TO command.
>
> Here is an example:
>
> telnet mailserver 25
> Trying XXX.XXX.XXX.XXX...
> Connected to mailserver.
> Escape character is '^]'.
> 220 mailserver ESMTP
> helo mail
> 250 mailserver
> mail from: t...@test.com
> 250 2.1.0 Ok
> rcpt to: clau...@atpss.net
> 250 2.1.5 Ok
> rcpt to: root
> 250 2.1.5 Ok
> rcpt to: test
> 550 5.1.1 <test>: Recipient address rejected: User unknown in local
> recipient table
>
> As you can see, the rcpt to permits verifying the user, not only virtual
> but also real (like root). Is there any solution to fix that information
> leak on my systems? Something like rcpt deny to some users, or all the
> real users....

You can use fail2ban to add a firewall DROP rule for any IPs that guess too
many (configurable) bad email addresses.

Terry
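
Added example, not part of the thread and not fail2ban's own code: a sketch of the thresholding the reply above relies on, counting `550 5.1.1 ... User unknown in local recipient table` rejections per client IP inside a sliding window. The log lines are constructed in the usual Postfix smtpd syslog format; `maxretry` and `findtime` are named after fail2ban's jail settings, while `hosts_to_ban` and its `year` parameter are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Mar 10 09:00:00 mailserver postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Mar 10 09:00:01 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <test>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<test> proto=SMTP helo=<mail>
Mar 10 09:00:03 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <admin>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<admin> proto=SMTP helo=<mail>
Mar 10 09:00:04 mailserver postfix/smtpd[2110]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.20]: 550 5.1.1 <clauido>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<clauido> proto=ESMTP helo=<mx.example.net>
Mar 10 09:00:05 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <info>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<info> proto=SMTP helo=<mail>
Mar 10 09:02:00 mailserver postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 550 5.1.1 <bob>: Recipient address rejected: User unknown in local recipient table; from=<c@example.com> to=<bob> proto=SMTP helo=<x>
Mar 10 11:02:00 mailserver postfix/smtpd[2130]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 550 5.1.1 <sales>: Recipient address rejected: User unknown in local recipient table; from=<c@example.com> to=<sales> proto=SMTP helo=<x>
Mar 10 13:02:00 mailserver postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 550 5.1.1 <jim>: Recipient address rejected: User unknown in local recipient table; from=<c@example.com> to=<jim> proto=SMTP helo=<x>
"""

# Matches only the "unknown recipient" rejection shown in the thread's SMTP session.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"550 5\.1\.1 .*User unknown in local recipient table"
)

def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2024):
    """Return client IPs with >= maxretry unknown-recipient rejects within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []                   # kept in order of first threshold hit
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # drop rejects older than findtime
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

With the defaults, a single mistyped address (198.51.100.20) and slow, spread-out misses (192.0.2.9) stay below the threshold; widening `findtime` catches the slow case at the cost of more false positives from legitimate senders.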