I'm totally new to Python (as of half an hour ago) and trying to write a simple script to enumerate users on an SMTP server.
The users file is a simple list (one per line) of usernames.
The script runs fine but with each iteration of the loop it slows until, around loop 14, it seems to hang completely. No error - I have to ^c.
Can anyone shed some light on the problem please?
TIA,
Tom

    #!/usr/bin/python
    import socket
    import sys

    if len(sys.argv) != 2:
        print "Usage: vrfy.py <username file>"
        sys.exit(0)

    # open user file
    file = open(sys.argv[1], 'r')
    users = [x.strip() for x in file.readlines()]
    file.close()

    # Just for debugging
    print users

    # Create a Socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Connect to the Server
    connect = s.connect(('192.168.13.222', 25))

    for x in users:
        # VRFY a user
        s.send('VRFY ' + x + '\r\n')
        result = s.recv(1024)
        print result

    # Close the socket
    s.close()

Most likely your SMTP server is tarpitting your client connection. This is a defense against runaway clients, or clients which submit large volumes of "junk" commands. From the manpage for Postfix smtpd:
smtpd_junk_command_limit (normal: 100, stress: 1)
    The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP client can send before the Postfix SMTP server starts to increment the error counter with each junk command.
The smtpd daemon will insert a 1-second delay before replying after a certain amount of junk is seen. If you have root access to the smtp server in question, try an strace to see if nanosleep syscalls are being issued by the server.
Here is a trace from running your script against my local server. After 100 VRFY commands it starts sleeping between commands. Your server may have a lower limit of ~15 junk commands:
nanosleep({1, 0}, 0x7fffda9a67a0) = 0
poll([{fd=9, events=POLLOUT}], 1, 300000) = 1 ([{fd=9, revents=POLLOUT}])
write(9, "252 2.0.0 pat\r\n", 15) = 15
poll([{fd=9, events=POLLIN}], 1, 300000) = 1 ([{fd=9, revents=POLLIN}])
read(9, "VRFY pat\r\n", 4096) = 10
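
Added example (not part of the original answer): a server-side check that reads strace output in the format shown above and reports how long smtpd slept before each reply, so an administrator can see at which junk command the tarpit engaged. The function names and the sample trace are constructed for illustration, and it assumes the trace covers a single smtpd process serving one client.

```python
import re

JUNK = {"NOOP", "VRFY", "ETRN", "RSET"}  # junk commands named in the manpage quote
IO_RE = re.compile(r'^(read|write)\((\d+), "((?:[^"\\]|\\.)*)", \d+\)\s*= ([1-9]\d*)')
SLEEP_RE = re.compile(r'^nanosleep\(\{(?:tv_sec=)?(\d+), (?:tv_nsec=)?(\d+)\}')

# Constructed strace excerpt in the format of the trace above (made-up users).
SAMPLE_TRACE = r'''
read(9, "VRFY alice\r\n", 4096) = 12
poll([{fd=9, events=POLLOUT}], 1, 300000) = 1 ([{fd=9, revents=POLLOUT}])
write(9, "252 2.0.0 alice\r\n", 17) = 17
read(9, "NOOP\r\n", 4096) = 6
write(9, "250 2.0.0 Ok\r\n", 14) = 14
read(9, "VRFY bob\r\n", 4096) = 10
nanosleep({1, 0}, 0x7fffda9a67a0) = 0
write(9, "252 2.0.0 bob\r\n", 15) = 15
read(9, "VRFY carol\r\n", 4096) = 12
write(12, "unrelated descriptor\n", 21) = 21
nanosleep({1, 0}, 0x7fffda9a67a0) = 0
write(9, "252 2.0.0 carol\r\n", 17) = 17
'''

def tarpit_report(trace, fd):
    """Return [(command, reply, seconds slept before the reply), ...] for one socket."""
    rows, pending, slept = [], None, 0.0
    for line in trace.splitlines():
        m = SLEEP_RE.match(line.strip())
        if m and pending is not None:      # sleep between a command and its reply
            slept += int(m.group(1)) + int(m.group(2)) / 1e9
            continue
        m = IO_RE.match(line.strip())
        if not m or int(m.group(2)) != fd:  # poll(), other descriptors, failed I/O
            continue
        call, text = m.group(1), m.group(3).replace("\\r\\n", "")
        if call == "read":
            pending, slept = text, 0.0
        elif pending is not None:
            rows.append((pending, text, slept))
            pending = None
    return rows

def first_delayed_junk(rows):
    """1-based position, counting junk commands only, of the first delayed reply."""
    seen = 0
    for cmd, _reply, slept in rows:
        if cmd.split(" ", 1)[0].upper() in JUNK:
            seen += 1
            if slept > 0:
                return seen
    return None
```

On the constructed sample, `first_delayed_junk(tarpit_report(SAMPLE_TRACE, fd=9))` returns 3: the first two junk commands were answered immediately and the third reply was preceded by a one-second sleep.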