There are a variety of sites on the internet that will perform such a relay
probe for you. It's important to consider the possibility that the probe
script at some of these sites may not be perfect and the dialog echoed back
to your browser (or telnet session) may not be complete. (i.e. reject
messages may not be properly echoed back to your browser by the script.)
----- Original Message -----
From: Dustin Miller <[EMAIL PROTECTED]>
To: Chris Johnson <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, January 02, 2000 1:24 PM
Subject: RE: q-mail relay responses (revisited)
> It seems, from RoadRunner's recent probe of my qmail installation (yes, I
> know, the test was bogus) that qmail DIDN'T flag it as a bad RCPT host.
>
> I've enclosed the SMTP conversation between their security test and my
qmail
> server. It doesn't seem to announce that a bad RCPT was given.
>
> Connecting to 24.131.161.83 ...
> <<< 220 wfdevelopment.com ESMTP
> >>> HELO hrnva-sec01.rr.com
> <<< 250 wfdevelopment.com
> >>> MAIL FROM:<openrelaytest@localhost>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<openrelaytest>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<openrelaytest@[24.131.161.83]>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<[EMAIL PROTECTED]>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<openrelaytest@[24.131.161.83]>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]@[24.131.161.83]>
> <<< 250 ok
> >>> DATA
> <<< 354 go ahead
> >>> (message body)
> <<< 250 ok 945363799 qp 29925
>
> -----Original Message-----
> From: Chris Johnson [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 02, 2000 10:59 AM
> To: Dustin Miller
> Cc: [EMAIL PROTECTED]
> Subject: Re: q-mail relay responses (revisited)
>
>
> On Sun, Jan 02, 2000 at 10:40:59AM -0600, Dustin Miller wrote:
> > I was going over the qmail pictures to see if I could get a little more
> > insight into the hows and whys of qmail's failure to throw an exception
of
> > some kind the moment someone unauthorized attempts a relay. As it is,
it
> > doesn't give any indication to the end user that he's not allowed to be
> > doing what he's doing, so all of us get random messages from security
> > people, blah blah blah.
> >
> > Here's the deal.
> >
> > Here's the "unauthorized relay" picture from the qmail package:
> >
> > ---[ begin picture ]---
> > qmail-smtpd Receive message by SMTP from another host:
> >
> > MAIL FROM:<[EMAIL PROTECTED]>
> > RCPT TO:<[EMAIL PROTECTED]>
> >
> > Is $RELAYCLIENT set? No.
> > Is irs.gov in rcpthosts? No.
> > Reject RCPT.
> > ---[end picture ]---
> >
> > But qmail doesn't immediately reject RCPT. Rejecting the RCPT here
would
> > not give up any security information (that I can see). AFAICT, qmail
> waits
> > until after the data command is passed and ended with a "." before it
> barks
> > up that you can't relay.
>
> qmail DOES immediately reject the recipient. The above is all wrong.
>
> Chris
>
>
