[SA-exim] Question

Marc MERLIN marc at merlins.org
Thu Aug 7 20:59:52 PDT 2003


On Thu, Aug 07, 2003 at 10:01:16PM -0400, Justin F. Knotzke wrote:
> 
>    I am now able to reproduce teergrube using exim -bh and I witnessed
> the 451- "wait for more output". Rather cool.
> 
>    The question I have is teergrube assumes that the spammer will
> actually wait for the final 250 after a <CR><LF>. <CR><LF> is sent.
> 
>    Do they always?
 
In my experience, pretty much, yes

>    Could they not simply issue the <CR><LF>.<CR><LF> and then cut the
> connection?

They could, but then they wouldn't know that the spam got sent. If they cut
the connection, my MTA could abandon the delivery and their spam gets
dropped on the floor

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key



More information about the SA-Exim mailing list