[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: None
From:       Rabid Wombat <wombat () mcfeely ! bsfs ! org>
Date:       1996-12-06 12:42:17
[Download RAW message or body]



On Fri, 6 Dec 1996 toon@cem-bb.e-mail.com wrote:

> Next topic:
> 
> Some1 told me that 'I have to filter out VERIFY and EXPAND when letting 
> mail through my firewall'. Can some1 explain me what this means?
> 

VERIFY and EXPAND are commands that can be issued to SENDMAIL. Their 
legitimate uses are:

Verify: determines if the username you've spcified exists
Expand: determines which usernames will recivie the mial sent to the 
address specified - for example, the account "root" might expand to 
usernames "bob" and "alice" if they are the sysadmins, and don't want to 
log in as "root" to check for root mail.

An intruder can telnet to port 25 and run these commands to gather 
information. You shouldn't allow access to port 25 on systems that AREN'T 
supposed to be receiving mail, anyway. You may want to block EXPAND, 
possibly verify as well, on the others.

-r.w.

[prev in list] [next in list] [prev in thread] [next in thread]