home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Previous Section Next Section

BadRcptThrottle
Slow excess bad RCPT TO: commands V8.12 and later

One method used to gather addresses for spamming is to misuse the RCPT TO: command. To illustrate, consider the following fragment of an SMTP session: 

RCPT To:<aa@your.domain>
550 5.1.1 <aa@your.domain>... User unknown
RCPT To:<ab@your.domain>
550 5.1.1 <ab@your.domain>... User unknown
RCPT To:<ac@your.domain>
550 5.1.1 <ac@your.domain>... User unknown
RCPT To:<ad@your.domain>
550 5.1.1 <ad@your.domain>... User unknown
RCPT To:<ae@your.domain>
250 2.1.0 <ae@your.domain>... Recipient ok
RCPT To:<af@your.domain>
550 5.1.1 <af@your.domain>... User unknown

Here, some other site has connected to your sendmail and started sending bad RCPT TO: commands for a series of possible usernames. These are alphabetical, but other such abuses might be based on lists of common names. Whenever sendmail replies with a 250, the other site knows that that address is good, and adds it to its list of spam addresses.

With V8.12 and later sendmail it is possible to impose a penalty on sites that send too many bad RCPT TO: commands. You do that by defining the BadRcptThrottle, like this: 

O BadRcptThrottle=num                configuration file (V8.12 and later) 
-OBadRcptThrottle=num                command line (V8.12 and later) 
define(`confBAD_RCPT_THROTTLE',`num')    mc configuration (V8.12 and later

Here, num is a textual representation of a positive integer. If num is negative, nonnumeric, or zero (the default), bad RCPT TO: commands are accepted without penalty. If num is positive, only that number of bad RCPT TO: commands are allowed in a single SMTP session before a penalty is imposed.

The penalty begins by logging the following warning:

other site: Possible SMTP RCPT flood, throttling.

Thereafter, every RCPT TO: command will be received by the local sendmail, which will sleep for one second before replying. The choice of one second is hardcoded in sendmail and cannot be changed.

The BadRcptThrottle option can be used in combination with the MaxRecipientsPerMessage option (MaxRecipientsPerMessage) to further limit the number of recipients per message.

The BadRcptThrottle option is safe. Even if it is specified from the command line, sendmail retains its special privileges.

    Previous Section Next Section