"Dustin Miller" <[EMAIL PROTECTED]> writes:
> It seems, from RoadRunner's recent probe of my qmail installation (yes, I
> know, the test was bogus) that qmail DIDN'T flag it as a bad RCPT host.
>
> I've enclosed the SMTP conversation between their security test and my qmail
> server. It doesn't seem to announce that a bad RCPT was given.
What is very odd is that this conversation doesn't show any
acknowledgements of the RCPT TO:<> values, until the final go.
> Connecting to 24.131.161.83 ...
> <<< 220 wfdevelopment.com ESMTP
> >>> HELO hrnva-sec01.rr.com
> <<< 250 wfdevelopment.com
> >>> MAIL FROM:<openrelaytest@localhost>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
[no response code here]
> >>> RSET
> <<< 250 flushed
Each time, there's an 'RSET' logged apparently directly after the RCPT
TO, until the final attempt:
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<openrelaytest@[24.131.161.83]>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]@[24.131.161.83]>
> <<< 250 ok
> >>> DATA
> <<< 354 go ahead
> >>> (message body)
> <<< 250 ok 945363799 qp 29925
which someone previously explained is because the mailbox part is
considered to be '[EMAIL PROTECTED]', until another component of qmail
rightly bounces it as a non-existent user.
The '[24.131.161.83]' domain literal, being the MTA host, is
presumably meant to test for the ability to relay with a local
sender's address.
As a demonstration:
% mconnect agent57.gbnet.net
connecting to host agent57.gbnet.net (194.70.126.12), port 25
connection open
220 agent57.gbnet.net ESMTP
helo blodwen.watching.org
250 agent57.gbnet.net
mail from:<[EMAIL PROTECTED]>
250 ok
rcpt to:<[EMAIL PROTECTED]>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
quit
221 agent57.gbnet.net
So there you go. 'agent57.gbnet.net' won't relay for me, won't
accept 'acm.org' as local, *and* rejects it immediately.
James.
