Hi all,

One of our servers got blacklisted on dsbl.org and as it turned out, it was caused by a successful open relay-attempt. DSBL.ORG made use of some kind of exploit which I'm now investigating. They are sending a message to themselves and if they succeed in getting it through, your server gets listed in their blacklist.
They succeed in getting it through by using an exclamation mark in the "RCPT TO". The SMTP is (probably) the following:

220 smtp.ourdomain.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 25 Feb 2008 10:23:20 +0100
helo dsbl.org
250 smtp.ourdomain.com Hello noc.saveho.com [84.96.74.10], pleased to meet you
mail from: <[EMAIL PROTECTED]>
250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
rcpt to: [EMAIL PROTECTED]
250 2.1.5 [EMAIL PROTECTED] Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
jksdbvksd
.
250 2.0.0 m1P9NKiw010009 Message accepted for delivery
quit

Does anyone have any info on this open-relay exploit and how to prevent sendmail from relaying?

Thanks in advance,
JP

_______________________________________________
Assp-test mailing list
https://lists.sourceforge.net/lists/listinfo/assp-test
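
Added example, not part of the original post: a Python check that scans the RCPT TO lines of an SMTP session for source-routed recipients such as the exclamation-mark form described above, so such probes can be spotted in captured sessions. It goes beyond the post by also flagging the percent, nested-@ and route-address forms; the function names and the sample session are constructed for illustration.

```python
import re

# Matches "rcpt to:" commands, with or without angle brackets.
RCPT_RE = re.compile(r"^rcpt\s+to:\s*<?([^>\s]+)>?", re.IGNORECASE)

def classify_recipient(addr):
    """Return the source-routing forms found in an envelope recipient."""
    reasons = []
    if addr.startswith("@") and ":" in addr:
        reasons.append("explicit-route")      # @relay:user@host
        addr = addr.split(":", 1)[1]
    local, _, domain = addr.rpartition("@")
    if not local:                             # no '@': all of it is local part
        local = domain
    if "!" in local:
        reasons.append("bang-path")           # host!user, the form in the post
    if "%" in local:
        reasons.append("percent-hack")        # user%host@relay
    if "@" in local:
        reasons.append("nested-at")           # user@host@relay
    return reasons

def scan_session(lines):
    """Return (line number, recipient, reasons) for each suspicious RCPT TO."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = RCPT_RE.match(line.strip())
        if m:
            reasons = classify_recipient(m.group(1))
            if reasons:
                findings.append((n, m.group(1), reasons))
    return findings

# Constructed sample session (client side only); not taken from the post.
SAMPLE = [
    "helo probe.example.net",
    "mail from: <tester@example.net>",
    "rcpt to: <alice@ourdomain.com>",
    "rcpt to: example.org!bob",
    "rcpt to: <bob%example.org@ourdomain.com>",
    "rcpt to: <@ourdomain.com:bob@example.org>",
]

if __name__ == "__main__":
    for lineno, rcpt, why in scan_session(SAMPLE):
        print(f"line {lineno}: {rcpt} -> {', '.join(why)}")
```

A recipient flagged here that the server answered with "Recipient ok" is worth checking against the relay configuration.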
