I thought of this initially, but then I forgot because of the general gain this patch gives.
We could introduce a delay for each not existing user, or a limit for the maximum number of "rcpt to". But for a massive hacker, that could not be a problem.
I'm thinking of a more sophisticated code, but I surely would need of a database where to record every attempt.
Let me know general opinions,
Tonino
At 01/09/03 01/09/03 -0700, Brad Dameron wrote:
Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers.
Brad
- ----- Original Message -----
- From: Shane Chrisp
- Tonino,
- Thanks for the reply. That has fixed the problem. Compiles now, and it works still with
- the mysql backend.
- cheers
- Shane
------------------------------------------------------------
[EMAIL PROTECTED] Interazioni di Antonio Nati
http://www.interazioni.it [EMAIL PROTECTED]
------------------------------------------------------------
