Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!swrinde!cs.utexas.edu!uwm.edu!math.ohio-state.edu!jussieu.fr!eurocontrol.fr!ramses.eurocontrol.fr!not-for-mail From: rbt@eurocontrol.fr (Ollivier Robert) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Mail......What does this mean?? Date: 16 Jul 1996 09:11:02 GMT Organization: Eurocontrol EEC, Bretigny, France Lines: 32 Message-ID: <4sfmb6$44c@ramses.eurocontrol.fr> References: <31e6811d.21963902@news.hq.af.mil> NNTP-Posting-Host: mozart.eurocontrol.fr [courtesy cc of this posting sent to cited author via email] In article <31e6811d.21963902@news.hq.af.mil>, Scott Gregory <sgregory@pubspo.hq.af.mil> wrote: > Jul 12 10:38:43 my.sys.name sendmail[17654]: foo.bar > [123.123.123.123]: vrfy lhammer > > Each entry had a different last word (I assume this is a username?). Yes. As others have already said, someone is probably trying to probe you for usernames. > Is this a security concern?? I'm STILL new at this so please explain > in detail. It may be a security concern if there are many attemps. If it keeps on, mail the postmaster at the site and talk with him about this. BTW, you can refuse either VRFY or EXPN or both in your sendmail configuration. I'd say keep VRFY but disable EXPN which will display too much information top my taste (it follows .forward and aliases). define(`confPRIVACY_OPTS',`authwarnings,noexpn,noreceipts')dnl (the exact option name is from memory, check sendmail/cf/README). in your whatever.mc file. m4 it and install in place of /etc/sendmail.cf. -- Ollivier ROBERT -=- Eurocontrol EEC/TIS -=- Ollivier.Robert@eurocontrol.fr Usenet Canal Historique