Re: my isp is being told *i* am broadcasting spam?



On Fri, Apr 19, 2002 at 09:28:17AM -0700, Sean 'Shaleh' Perry wrote:
> HELO dontuthink.com
> 250 server Hello 12-235-84-58.client.attbi.com [12.235.84.58]
> MAIL FROM:<shaleh@dontuthink.com>
> 250 <shaleh@dontuthink.com> is syntactically correct
> RCPT TO:<shaleh@debian.org>
> 550 relaying to <shaleh@debian.org> prohibited by administrator
> 
> if you are relaying, I do not see how.
> 
> If someone can relay through you they should be able to telnet to your smtp
> port and send mail out like I just tried.

thanks. i did similar tests at paladinCorp.com (specifically,
http://www.paladincorp.com.au/unix/spam/spamlart/ ) and they
found some instances where my setup didn't retch at certain
questionable email syntaxes:

here are the ones marked 'potential vulnerability'... Output
from Anti-Relay Tests:

	Spam-Lart v0.3.2
	220 server ESMTP Exim 3.12 #1 Fri, 19 Apr 2002 08:58:34 -0500 

	rcpt to: <"spamtest@paladincorp.com.au"@mail.dontUthink.com> 
	250 <"spamtest@paladincorp.com.au"@mail.dontUthink.com> is
	syntactically correct 
	** FAILURE / Potentital Vulnerability **

but i bet that'll look for user 'spamtest@paladincorp.com.au' ON
MY SERVER. here's a result from a test i did:

  will%dontUthink.com@serensoft.com:
      unknown local-part "will%dontuthink.com" in domain "serensoft.com"

  "will@dontUthink.com"@serensoft.com:
      unknown local-part "will@dontuthink.com" in domain "serensoft.com"

and i suspect the same would apply for all the rest of these
below--

	rcpt to: <spamtest%paladincorp.com.au@mail.dontUthink.com> 
	250 <spamtest%paladincorp.com.au@mail.dontUthink.com> is
	syntactically correct 
	** FAILURE / Potentital Vulnerability **

	rcpt to: <paladincorp.com.au!spamtest@mail.dontUthink.com> 
	250 <paladincorp.com.au!spamtest@mail.dontUthink.com> is
	syntactically correct 
	** FAILURE / Potentital Vulnerability **

	rcpt to: <"spamtest@paladincorp.com.au"@[208.33.90.85]> 
	250 <"spamtest@paladincorp.com.au"@[208.33.90.85]> is
	syntactically correct 
	** FAILURE / Potentital Vulnerability **

	rcpt to: <spamtest%paladincorp.com.au@[208.33.90.85]> 
	250 <spamtest%paladincorp.com.au@[208.33.90.85]> is
	syntactically correct 
	** FAILURE / Potentital Vulnerability **

	rcpt to: <paladincorp.com.au!spamtest@[208.33.90.85]> 
	250 <paladincorp.com.au!spamtest@[208.33.90.85]> is
	syntactically correct 
	** FAILURE / Potentital Vulnerability **

	Just because a test may have failed does not mean your smtpd is
	vulnerable but is a good indication that you should investigate
	and confirm whether it is or not.

right. my exim.conf includes

	rbl_domains = rbl.maps.vix.com
	rbl_reject_recipients = false
	rbl_warn_header = true
	host_accept_relay = localhost : 192.168.1.1/24 : 208.33.90.85/32
	# commented-out:
	# percent_hack_domains=*

what sanity checks does that miss?

-- 
I use Debian/GNU Linux version 2.2;
Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
 
DEBIAN NEWBIE TIP #60 from Vineet Kumar <debian-user@virtual.doorstop.net>:
Been hoping to find A FEATURE-PACKED MUTT CONFIG FILE? Check
out the ones at Sven Guckes' site:
	http://www.fefe.de/muttfaq/muttrc
There's also some great vimrc ideas there, too.

Also see http://newbieDoc.sourceForge.net/ ...
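
An added example, not part of the original message: a small classifier for the recipient forms in the Spam-Lart output above, showing why a 250 at RCPT time for an address whose final domain is local is not by itself a relay. The LOCAL_DOMAINS set and the split-at-last-% model of the percent hack are assumptions made for illustration, not Exim's own code.

```python
# Assumption: these are the names the tested server treats as local.
LOCAL_DOMAINS = {"mail.dontuthink.com", "dontuthink.com", "[208.33.90.85]"}

def split_address(addr):
    """Split at the last '@' outside double quotes -> (local_part, domain)."""
    in_quotes, at = False, -1
    for i, ch in enumerate(addr):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            at = i
    if at < 0:
        raise ValueError("no domain in %r" % addr)
    return addr[:at], addr[at + 1:].lower()

def embedded_route(local_part):
    """Name the source-routing form hidden in a local part, if any."""
    if local_part.startswith('"') and local_part.endswith('"') and "@" in local_part:
        return "quoted-at"
    if "%" in local_part:
        return "percent-hack"
    if "!" in local_part:
        return "bang-path"
    return None

def classify(addr, percent_hack_enabled=False):
    """Say how a server with LOCAL_DOMAINS would treat a RCPT TO address."""
    local_part, domain = split_address(addr.strip("<>"))
    if domain not in LOCAL_DOMAINS:
        # Final domain is remote: only hosts allowed to relay may use it.
        return "remote-domain"
    route = embedded_route(local_part)
    if route == "percent-hack" and percent_hack_enabled:
        # Simplified model: user%remote@local is re-read as user@remote
        # and judged again, which is why the option is risky when set to *.
        user, _, new_domain = local_part.rpartition("%")
        return classify(user + "@" + new_domain, percent_hack_enabled)
    if route:
        # Accepted syntactically, then looked up as a local user and bounced
        # as an unknown local-part if no such user exists.
        return "local-odd-localpart"
    return "local"
```

With the percent hack left disabled, all six tested forms come back as `local-odd-localpart`; only enabling it turns the `%` form into a remote address.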