From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
Hector Santos wrote:
I did learn one new trick that I think I will implement and
explore - flip it around, test the random address first.
If accept, it is operating in an open relay behavior.
It could be also a "teergrube" accepting one character per
second after DATA (with a 5xx after the data). You're not
testing a dummy (empty) DATA, or are you ? I report this
crap as spam.
Interesting.
No. The CBV does not reach the DATA. You don't want to send a message.
Beside, if you were able to get to this point, you already got the result -
a PASS for the return path,
But from a host standpoint, even YAHOO.COM abandoned the DATA level user
validation for a RCPT TO user validation.
Here's a 12/2003 field testing log:
220 YSmtp mta224.mail.scd.yahoo.com ESMTP service ready
HELO mail.winserver.com
250 mta224.mail.scd.yahoo.com
mail from: <hecor(_at_)winserver(_dot_)com>
250 sender <hecor(_at_)winserver(_dot_)com> ok
RCPT TO: <adenabloss(_at_)yahoo(_dot_)ca>
250 recipient <adenabloss(_at_)yahoo(_dot_)ca> ok
RCPT TO: <adenabloss(_at_)yahoo(_dot_)ca>
250 recipient <adenabloss(_at_)yahoo(_dot_)ca> ok
data
354 go ahead
test
.
554 delivery error: dd This user doesn't have a yahoo.ca account
(adenabloss(_at_)yahoo(_dot_)ca) [0] - mta224.mail.scd.yahoo.com
quit
221 mta224.mail.scd.yahoo.com
Connection to host lost.
Here is a WCSAP captured log back in Jan/2005:
# connecting to 67.28.114.36
S: 220 YSmtp mta189.mail.dcn.yahoo.com ESMTP service ready
C: NOOP WCSAP v2.01 Wildcat! Sender Authentication
Protocol http://www.santronics.com
S: 250 OK
C: HELO mail.winserver.com
S: 250 mta189.mail.dcn.yahoo.com
C: MAIL FROM: <>
S: 250 null sender <> ok
C: RCPT TO: <good user hidden(_at_)yahoo(_dot_)com>
S: 250 recipient <good user hidden(_at_)yahoo(_dot_)com> ok
C: RCPT TO: <wcsap-openrelay-test-123sxa23(_at_)alqwejad(_dot_)com>
S: 452 Too many recipients
C: QUIT
I have all the logs to find out exactly when they switch if I have to go
there. Definitely shortly after 12/2003. :-)
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com