I tried the test on this page and it "failed" for the same reason...BUT - I have not either patched nor upgraded to the newest version (beta version) of poprelayd. So the question comes to mind, is this page an adequate test for this particular exploit? Or are we foolish for believing that this web page belongs to a "whitehat" and do we *REALLY* believe the results? -Jabie -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of jbay Sent: Friday, July 13, 2001 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] warning - early poprelay patch is invalid > http://members.iinet.net.au/~remmie/relay/ > > and found that i was an open relay for the last week. I think it's rather odd that this web page, when it finds a machine it can't relay through (mine) reports: "FAILURE - Unfortunately the program failed because...The host machine does not relay" "Unfortunately"!? hmmm. Well, this page looks like a good candidate for spammers to use to look for relays. I've null-routed it here; I don't want anyone looking at our machines via that domain period. And who knows what it's doing with the data it collects on machines that DO relay. Nothing good can come of having a page like that kicking around. For all we know, it takes a 'positive' output and forwards it to a dozen spammer mailing lists. abuse.org had something like that online at one time, I think, but now they only let you check from the machine you suspect is open; go to shell prompt on the suspect machine, and telnet relay-test.mail-abuse.org -- it'll tell you if you're open. also, the rpm you installed is out of date; the up-to-date one is poprelayd-2.0-5.noarch.rpm, not poprelayd-2.0-4.noarch.rpm _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
