Re: my isp is being told *i* am broadcasting spam?
On Fri, Apr 19, 2002 at 09:28:17AM -0700, Sean 'Shaleh' Perry wrote:
> HELO dontuthink.com
> 250 server Hello 12-235-84-58.client.attbi.com [12.235.84.58]
> MAIL FROM:<shaleh@dontuthink.com>
> 250 <shaleh@dontuthink.com> is syntactically correct
> RCPT TO:<shaleh@debian.org>
> 550 relaying to <shaleh@debian.org> prohibited by administrator
>
> if you are relaying, I do not see how.
>
> If someone can relay through you they should be able to telnet to your smtp
> port and send mail out like I just tried.
thanks. i did similar tests at paladinCorp.com (specifically,
http://www.paladincorp.com.au/unix/spam/spamlart/ ) and they
found some instaces where my setup didn't retch at certain
questionable email syntaxes:
here are the ones marked 'potential vulnerability'... Output
from Anti-Relay Tests:
Spam-Lart v0.3.2
220 server ESMTP Exim 3.12 #1 Fri, 19 Apr 2002 08:58:34 -0500
rcpt to: <"spamtest@paladincorp.com.au"@mail.dontUthink.com>
250 <"spamtest@paladincorp.com.au"@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
but i bet that'll look for use 'spamtest@paladincorp.com.au' ON
MY SERVER. here's a result from a test i did:
will%dontUthink.com@serensoft.com:
unknown local-part "will%dontuthink.com" in domain "serensoft.com"
"will@dontUthink.com"@serensoft.com:
unknown local-part "will@dontuthink.com" in domain "serensoft.com"
and i suspect the same would apply for all the rest of these
below--
rcpt to: <spamtest%paladincorp.com.au@mail.dontUthink.com>
250 <spamtest%paladincorp.com.au@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@mail.dontUthink.com>
250 <paladincorp.com.au!spamtest@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@[208.33.90.85]>
250 <"spamtest@paladincorp.com.au"@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@[208.33.90.85]>
250 <spamtest%paladincorp.com.au@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@[208.33.90.85]>
250 <paladincorp.com.au!spamtest@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@mail.dontUthink.com>
250 <"spamtest@paladincorp.com.au"@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@mail.dontUthink.com>
250 <spamtest%paladincorp.com.au@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@mail.dontUthink.com>
250 <paladincorp.com.au!spamtest@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@[208.33.90.85]>
250 <"spamtest@paladincorp.com.au"@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@[208.33.90.85]>
250 <spamtest%paladincorp.com.au@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@[208.33.90.85]>
250 <paladincorp.com.au!spamtest@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@mail.dontUthink.com>
250 <"spamtest@paladincorp.com.au"@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@mail.dontUthink.com>
250 <spamtest%paladincorp.com.au@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@mail.dontUthink.com>
250 <paladincorp.com.au!spamtest@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@[208.33.90.85]>
250 <"spamtest@paladincorp.com.au"@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@[208.33.90.85]>
250 <spamtest%paladincorp.com.au@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@[208.33.90.85]>
250 <paladincorp.com.au!spamtest@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@mail.dontUthink.com>
250 <"spamtest@paladincorp.com.au"@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@mail.dontUthink.com>
250 <spamtest%paladincorp.com.au@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@mail.dontUthink.com>
250 <paladincorp.com.au!spamtest@mail.dontUthink.com> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <"spamtest@paladincorp.com.au"@[208.33.90.85]>
250 <"spamtest@paladincorp.com.au"@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <spamtest%paladincorp.com.au@[208.33.90.85]>
250 <spamtest%paladincorp.com.au@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
rcpt to: <paladincorp.com.au!spamtest@[208.33.90.85]>
250 <paladincorp.com.au!spamtest@[208.33.90.85]> is
syntactically correct
** FAILURE / Potentital Vulnerability **
Just because a test may have failed does not mean your smtpd is
vulnerable but is a good indication that you should investigate
and confirm whether it is or not.
right. my exim.conf includes
rbl_domains = rbl.maps.vix.com
rbl_reject_recipients = false
rbl_warn_header = true
host_accept_relay = localhost : 192.168.1.1/24 : 208.33.90.85/32
# commented-out:
# percent_hack_domains=*
what sanity checks does that miss?
--
I use Debian/GNU Linux version 2.2;
Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
DEBIAN NEWBIE TIP #60 from Vineet Kumar <debian-user@virtual.doorstop.net>
:
Been hoping to find A FEATURE-PACKED MUTT CONFIG FILE? Check
out the ones at Sven Guckes' site:
http://www.fefe.de/muttfaq/muttrc
There's also some great vimrc ideas there, too.
Also see http://newbieDoc.sourceForge.net/ ...
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: