-Yes i believe so
Sendmail and other programs like that are sometimes vulnerable for attackers to steal accounts from. As far as going about doing this it would require some extensive work to do. Of course all of this is just my personel knowledge and I don't know if it's totally accurate. My suggestion would be to do some research on the internet.
Hope I helped
----------------------------------------
The End is Near
Can you hear it
Smell It
Taste It
.........
It is done
----------------------------------------
It's true that for some mail servers that are poorly configured, you can use SMTP to get lists of user names. The commands you're probably interested in are VRFY and EXPN. Take a look at RFC 821 for more information. This is becoming less of a problem now because most MTAs can easily be configured not to allow these commands to be used. Most spammers are use other ways to get email addresses like crawling web sites.
Sendmail and other programs like that are sometimes vulnerable for attackers to steal accounts from. As far as going about doing this it would require some extensive work to do. Of course all of this is just my personel knowledge and I don't know if it's totally accurate. My suggestion would be to do some research on the internet.
As for "extensive work" you can do this via telnet or automate it with a script so it's not exactly rocket science. It's just a matter of finding a mail server that allows these commands.
OpenBSD - The proactively secure operating system.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
Reply With Quote
