*BSD News Article 73895



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!swrinde!cs.utexas.edu!uwm.edu!math.ohio-state.edu!jussieu.fr!eurocontrol.fr!ramses.eurocontrol.fr!not-for-mail
From: rbt@eurocontrol.fr (Ollivier Robert)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Mail......What does this mean??
Date: 16 Jul 1996 09:11:02 GMT
Organization: Eurocontrol EEC, Bretigny, France
Lines: 32
Message-ID: <4sfmb6$44c@ramses.eurocontrol.fr>
References: <31e6811d.21963902@news.hq.af.mil>
NNTP-Posting-Host: mozart.eurocontrol.fr

 [courtesy cc of this posting sent to cited author via email]

In article <31e6811d.21963902@news.hq.af.mil>,
Scott Gregory <sgregory@pubspo.hq.af.mil> wrote:
> Jul 12 10:38:43 my.sys.name sendmail[17654]:  foo.bar
> [123.123.123.123]: vrfy lhammer
> 
> Each entry had a different last word (I assume this is a username?).

Yes. As others have already said, someone is probably trying to probe
you for usernames.

> Is this a security concern??  I'm STILL new at this so please explain
> in detail.

It may be a security concern if there are many attempts.

If it keeps on, mail the postmaster at the site and talk with him about
this.

BTW, you can refuse either VRFY or EXPN or both in your sendmail configuration.
I'd say keep VRFY but disable EXPN, which will display too much information to
my taste (it follows .forward and aliases).

define(`confPRIVACY_FLAGS',`authwarnings,noexpn,noreceipts')dnl

(the exact option name is from memory, check sendmail/cf/README).

in your whatever.mc file. m4 it and install in place of /etc/sendmail.cf.
-- 
Ollivier ROBERT   -=- Eurocontrol EEC/TIS -=-   Ollivier.Robert@eurocontrol.fr
Usenet Canal Historique
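
Added example, not part of the original post: a small log check that answers the "many attempts" question by counting how many distinct usernames each source probed with VRFY or EXPN. It assumes the syslog line shape quoted above, joined onto one line; the sample log, the `find_probers` name and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shape taken from the log entry quoted in the post:
#   Jul 12 10:38:43 my.sys.name sendmail[17654]:  foo.bar [123.123.123.123]: vrfy lhammer
PROBE_RE = re.compile(
    r"sendmail\[\d+\]:\s+"
    r"(?P<host>\S+)\s+\[(?P<ip>[^\]]+)\]:\s+"
    r"(?P<verb>vrfy|expn)\s+(?P<target>\S+)",
    re.IGNORECASE,
)

# Constructed sample log (not real data): one noisy source, one single
# lookup, and one ordinary delivery line that must be ignored.
SAMPLE_LOG = """\
Jul 12 10:38:43 my.sys.name sendmail[17654]:  foo.bar [123.123.123.123]: vrfy lhammer
Jul 12 10:38:44 my.sys.name sendmail[17654]:  foo.bar [123.123.123.123]: vrfy root
Jul 12 10:38:45 my.sys.name sendmail[17654]:  foo.bar [123.123.123.123]: expn staff
Jul 12 10:38:46 my.sys.name sendmail[17654]:  foo.bar [123.123.123.123]: vrfy ROOT
Jul 12 10:41:10 my.sys.name sendmail[17660]:  mx.example.org [192.0.2.7]: vrfy postmaster
Jul 12 10:42:00 my.sys.name sendmail[17661]: KAA17661: from=<alice@example.org>, size=512
""".splitlines()


def find_probers(lines, min_targets=3):
    """Return {source_ip: sorted usernames} for every source that asked
    about at least `min_targets` distinct names (threshold is an assumption)."""
    seen = defaultdict(set)
    for line in lines:
        m = PROBE_RE.search(line)
        if m:
            # Usernames are folded to lower case so "root" and "ROOT" count once.
            seen[m.group("ip")].add(m.group("target").lower())
    return {ip: sorted(names) for ip, names in seen.items()
            if len(names) >= min_targets}


if __name__ == "__main__":
    for ip, names in find_probers(SAMPLE_LOG).items():
        print(f"{ip} probed {len(names)} names: {', '.join(names)}")
```

A single VRFY from a peer mail host stays below the threshold, while one source walking through a list of names stands out.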