Re: Open Relay?

To: debian-user-german@lists.debian.org
Subject: Re: Open Relay?
From: Gerhard Gaußling <ggrubbish@web.de>
Date: Sat, 29 Jan 2005 14:35:57 +0100
Message-id: <[🔎] 200501291435.57704.ggrubbish@web.de>
In-reply-to: <[🔎] 20050129123931.GF2902@server.linau.de>
References: <[🔎] 200501252013.07199.ggrubbish@web.de> <[🔎] 200501282016.16858.ggrubbish@web.de> <[🔎] 20050129123931.GF2902@server.linau.de>

Am Samstag 29 Januar 2005 13:39 schrieb Christian Schmidt:
> Hallo Gerhard,
>
> Gerhard Gaußling, 28.01.2005 (d.m.y):
> > danke für die Auffrischung, ich hatte das früher auch schonmal so
> > gemacht. Der letzte Test wird leider nicht bestanden. Hat
> > vielleicht jemand eine Idee, woran es liegt?
> >
> > Am Mittwoch 26 Januar 2005 10:52 schrieb Peter Blancke:
> > > Thomas Grieder <debian@moonsmile.ch> dixit:
> > > [...]
> > > Ich setze mich immer direkt auf den Mailserver drauf und mache
> > > ein
> > >
> > >   telnet relay-test.mail-abuse.org
> >
> > [...]
> > oder bedeutet <<< 221 debian closing connection, dass die E-Mail
> > dann doch verworfen wird?
>
> Es steht doch da:
> <<< 250 <nobody%mail-abuse.org@[213.6.36.105]> verified
> Und:
> System appeared to accept 1 relay attempts
>
> Hast Du mit Deinem System mittels "exim(4) -bh <ip-adresse>" nochmal
> gegengecheckt?

# exim -bh 172.181.203.112

**** SMTP testing session as if from host 172.181.203.112
**** Not for real!

>>> host in host_lookup? yes (*)
>>> looking up host name for 172.181.203.112
>>> IP address lookup yielded acb5cb70.ipt.aol.com
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in rbl_hosts? yes (0.0.0.0/0)
>>> checking RBL domain blackholes.mail-abuse.org/reject
>>> RBL lookup for 112.203.181.172.blackholes.mail-abuse.org failed
>>> => that means it's not black listed at blackholes.mail-abuse.org
>>> checking RBL domain dialups.mail-abuse.org/reject
>>> RBL lookup for 112.203.181.172.dialups.mail-abuse.org failed
>>> => that means it's not black listed at dialups.mail-abuse.org
>>> checking RBL domain relays.mail-abuse.org/warn
>>> RBL lookup for 112.203.181.172.relays.mail-abuse.org failed
>>> => that means it's not black listed at relays.mail-abuse.org
>>> checking RBL domain rbl.mail-abuse.org/reject
>>> RBL lookup for 112.203.181.172.rbl.mail-abuse.org failed
>>> => that means it's not black listed at rbl.mail-abuse.org
>>> host in auth_hosts? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 debian ESMTP Exim 3.36 #1 Sat, 29 Jan 2005 14:10:09 +0100
mail from: <spamtest@acb5cb70.ipt.aol.com>
>>> spamtest@acb5cb70.ipt.aol.com in sender_reject? no (option unset)
>>> spamtest@acb5cb70.ipt.aol.com in sender_reject_recipients? no 
(option unset)
250 <spamtest@acb5cb70.ipt.aol.com> is syntactically correct
rcpt to:<nobody%mail-abuse.org@[172.181.203.112]>
>>> [172.181.203.112] in local_domains? yes (matched [172.181.203.112])
>>> host in receiver_verify_hosts? yes (*)
>>> [172.181.203.112] in local_domains? yes (matched [172.181.203.112])
>>> [172.181.203.112] in percent_hack_domains? no (end of list)
>>> debian.workgroup.home in local_domains? yes (matched 
debian.workgroup.home)
>>> debian.workgroup.home in percent_hack_domains? no (end of list)
>>> debian.workgroup.home in local_domains? yes (matched 
debian.workgroup.home)
>>> debian.workgroup.home in percent_hack_domains? no (end of list)
250 <nobody%mail-abuse.org@[172.181.203.112]> verified
[hängt ENTER]
500 Unrecognized command

Ich weiß nicht genau, wie die session hier weitergehen soll.
Es tut sich aber offenbar eine Sicherheitslücke auf (zumindest mit 
compuserve), da in meinem lokalem Netz 172.16.0.0/24 zum adressieren 
gewählt ist. Ich dachte, dass das der IP Bereich für lokale Netze sei, 
ebenso wie 192.168.0.0/24 ?? Jetzt muß ich feststellen, dass 
172.128.0.0 - 172.191.255.255 zu AOL gehört, und irgendwie 
in local domains matcht. Sch...
Weshalb matcht das denn auf 172.128.0.0 - 172.191.255.255 ??

Nach RFC 1918 gehört 172.16.xxx.xxx. aber zu den privaten Netzen??

1918
Address Allocation for Private Internets Y. Rekhter, B. Moskowitz, D. 
Karrenberg, G. J. de Groot, E. Lear [ February 1996 ] (TXT = 22270 
bytes)(Obsoletes RFC1627, RFC1597)(Also BCP5)

http://www.netzmafia.de/rfc/rfc/rfc1918.txt

   The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

Aus der exim.conf (1st section):

        rbl_hosts = !192.168.0.0/24:0.0.0.0/0
|---------------------------^^^^ ok das sollte  172.16.0.0/24 sein, umso 
merkwürdiger, dass AOL als local_domains durchgeht.       
        recipients_reject_except = postmaster@workgroup.home
        host_accept_relay = 127.0.0.1 : ::::1 : 172.16.240.0/24
|-----------------------------------------------------------^^^Da steht 
explizit 172.16.240.0/24 und nicht etwa die address range von AOL 
 172.128.0.0 - 172.191.255.255

Sorry, ich kapier das nicht...

ciao

Gerhard

Reply to:

Follow-Ups:
- Re: Open Relay?
  - From: Markus Schulz <msc@antzsystem.de>

References:
- Open Relay?
  - From: Gerhard Gaußling <ggrubbish@web.de>
- Re: Open Relay?
  - From: Gerhard Gaußling <ggrubbish@web.de>
- Re: Open Relay?
  - From: Christian Schmidt <christian.schmidt@chemie.uni-hamburg.de>

Prev by Date: Re: ftp.de.debian.org nicht erreichbar
Next by Date: Re: Madwifi
Previous by thread: Re: Open Relay?
Next by thread: Re: Open Relay?
Index(es):
- Date
- Thread