On Mon, Apr 21, 2008 at 09:15:05PM -0700, Bubuk Gabrok wrote: > Relay test 9 > >>> RSET > <<< 250 flushed > >>> MAIL FROM:<[EMAIL PROTECTED]> > <<< 250 ok > >>> RCPT TO:<"securitytest%abuse.net"> > <<< 250 ok > Relay test result > Hmmn, at first glance, host appeared to accept a > message for relay. > > THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY. > > Some systems appear to accept relay mail, but then > reject messages internally rather than delivering > them, but you cannot tell at this point whether the > message will be relayed or not. > > You cannot tell if it is really an open relay without > sending a test message; this anonymous user test DID > NOT send a test message.
I tried to abuse my servers. And it didn't worked directly, but
the situation seems to be bad.
My server interpreted <"securitytest%abuse.net"> as
<[EMAIL PROTECTED]> and bounced it back,
because this user does not exist. It shouldn't have taken it in
the first place, because I use RCPTCHECK.
So, you can misuse qmail-ldap servers, but the aim would be
<[EMAIL PROTECTED]> in this case...
So long,
Aiko
--
:wq ✉
signature.asc
Description: Digital signature
