Hi,

I get the warning below on some of my servers.

Do I get something wrong here or is this test totally bogus? Obviously, my 
server accepts mails to its own host. It's not relaying them anywhere.

If the test wants to check for open relays (which is a good idea), it should 
try to deliver a mail to another host (or some bogus host like 
hsajdkahsda.com). If that is accepted, then there's a problem. Accepting mail 
for its own host is the purpose of an SMTP server.

I assume the intention is to send to nob...@example.com, though the check 
seems to get something wrong here.

-----------

Reported by NVT "Mail relaying (thorough test)" (1.3.6.1.4.1.25623.1.0.11852):


The remote SMTP server is insufficiently protected against relaying
This means that spammers might be able to use your mail server 
to send their mails to the world.

OpenVAS was able to relay mails by sending those sequences:

        MAIL FROM: <open...@[host]>
        RCPT TO: <nobody%example....@[host]>

Risk factor : Medium

Solution : upgrade your software or improve the configuration so that
        your SMTP server cannot be used as a relay any more.


-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    ha...@hboeck.de

http://schokokeks.org - professional webhosting

_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
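An added example, not part of the original message and not OpenVAS's own check logic: a Python sketch of the distinction the post draws, classifying each accepted RCPT TO in an SMTP transcript as local delivery, relay to a foreign domain, or a local address whose local part carries a source route (the percent form shown in the report). The transcript, the host identities in `LOCAL_DOMAINS`, and the category names are constructed for illustration.

```python
import re

# Constructed values: the identities the audited server accepts mail for.
LOCAL_DOMAINS = {"mail.example.net", "[192.0.2.10]"}

# Constructed transcript: commands followed by the server's reply lines.
SAMPLE = """\
MAIL FROM:<probe@[192.0.2.10]>
250 2.1.0 Ok
RCPT TO:<nobody%example.com@[192.0.2.10]>
250 2.1.5 Ok
RCPT TO:<postmaster@mail.example.net>
250 2.1.5 Ok
RCPT TO:<nobody@example.com>
554 5.7.1 Relay access denied
"""

RCPT_RE = re.compile(r"RCPT TO:\s*<([^>]*)>", re.IGNORECASE)


def classify_rcpt(address, reply_code, local_domains=LOCAL_DOMAINS):
    """Classify one RCPT TO address together with the reply code it received."""
    if not 200 <= reply_code < 300:
        return "rejected"
    local_part, sep, domain = address.rpartition("@")
    if not sep:
        return "local"  # bare mailbox name, no domain to relay to
    if domain.lower() not in local_domains:
        return "relay"  # accepted mail for a domain the server does not own
    # The domain is ours. A '%', '!' or '@' in the local part is a legacy
    # source route: acceptance at RCPT time shows relaying only if the MTA
    # rewrites the address and forwards it, which needs a separate check.
    if any(ch in local_part for ch in "%!@"):
        return "source-routed-local"
    return "local"


def audit(transcript, local_domains=LOCAL_DOMAINS):
    """Pair every RCPT TO command with the first reply line that follows it."""
    findings, pending = [], None
    for line in (raw.strip() for raw in transcript.splitlines()):
        match = RCPT_RE.search(line)
        if match:
            pending = match.group(1)
        elif pending is not None and line[:3].isdigit():
            findings.append((pending, classify_rcpt(pending, int(line[:3]), local_domains)))
            pending = None
    return findings
```

Only the `relay` result corresponds to the condition the post describes as a real problem; `source-routed-local` marks an acceptance that still has to be confirmed against what the MTA does with the message afterwards.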
