On Fri, Apr 19, 2002 at 09:28:17AM -0700, Sean 'Shaleh' Perry wrote: > HELO dontuthink.com > 250 server Hello 12-235-84-58.client.attbi.com [12.235.84.58] > MAIL FROM:<[EMAIL PROTECTED]> > 250 <[EMAIL PROTECTED]> is syntactically correct > RCPT TO:<[EMAIL PROTECTED]> > 550 relaying to <[EMAIL PROTECTED]> prohibited by administrator > > if you are relaying, I do not see how. > > If someone can relay through you they should be able to telnet to your smtp > port and send mail out like I just tried.
thanks. i did similar tests at paladinCorp.com (specifically, http://www.paladincorp.com.au/unix/spam/spamlart/ ) and they found some instaces where my setup didn't retch at certain questionable email syntaxes: here are the ones marked 'potential vulnerability'... Output from Anti-Relay Tests: Spam-Lart v0.3.2 220 server ESMTP Exim 3.12 #1 Fri, 19 Apr 2002 08:58:34 -0500 rcpt to: <"[EMAIL PROTECTED]"@mail.dontUthink.com> 250 <"[EMAIL PROTECTED]"@mail.dontUthink.com> is syntactically correct ** FAILURE / Potentital Vulnerability ** but i bet that'll look for use '[EMAIL PROTECTED]' ON MY SERVER. here's a result from a test i did: [EMAIL PROTECTED]: unknown local-part "will%dontuthink.com" in domain "serensoft.com" "[EMAIL PROTECTED]"@serensoft.com: unknown local-part "[EMAIL PROTECTED]" in domain "serensoft.com" and i suspect the same would apply for all the rest of these below-- rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@[208.33.90.85]> 250 <"[EMAIL PROTECTED]"@[208.33.90.85]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@mail.dontUthink.com> 250 <"[EMAIL PROTECTED]"@mail.dontUthink.com> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@[208.33.90.85]> 250 <"[EMAIL PROTECTED]"@[208.33.90.85]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@mail.dontUthink.com> 250 <"[EMAIL PROTECTED]"@mail.dontUthink.com> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@[208.33.90.85]> 250 <"[EMAIL PROTECTED]"@[208.33.90.85]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@mail.dontUthink.com> 250 <"[EMAIL PROTECTED]"@mail.dontUthink.com> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <"[EMAIL PROTECTED]"@[208.33.90.85]> 250 <"[EMAIL PROTECTED]"@[208.33.90.85]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** rcpt to: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct ** FAILURE / Potentital Vulnerability ** Just because a test may have failed does not mean your smtpd is vulnerable but is a good indication that you should investigate and confirm whether it is or not. right. my exim.conf includes rbl_domains = rbl.maps.vix.com rbl_reject_recipients = false rbl_warn_header = true host_accept_relay = localhost : 192.168.1.1/24 : 208.33.90.85/32 # commented-out: # percent_hack_domains=* what sanity checks does that miss? -- I use Debian/GNU Linux version 2.2; Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown DEBIAN NEWBIE TIP #60 from Vineet Kumar <[EMAIL PROTECTED]> : Been hoping to find A FEATURE-PACKED MUTT CONFIG FILE? Check out the ones at Sven Guckes' site: http://www.fefe.de/muttfaq/muttrc There's also some great vimrc ideas there, too. Also see http://newbieDoc.sourceForge.net/ ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
