Sendmail change Return Code for rcpt Command
by dominomaniac from LinuxQuestions.org on (#52GGX)
For background: at the last security scan I had a finding called "SMTP enumeration of user accounts". This is a well-known thing; there are tons of hints and tips on how to use it to figure out user accounts on a system. But there is nothing to be found on how to fix it.
We have a couple of SMTP relays running Sendmail 8.14.4 on CentOS 6.10. They are just internal relays; they take every mail and route it according to a ruleset. My idea was to make sendmail always respond with a 251 or 252 instead of 250 when accepting a recipient address, so the response would give no information about valid accounts. Does someone know if this is possible?
It would also be interesting to find out under which conditions sendmail would normally respond with a 251 or 252.

