[Dshield] smtp test for open relay

Blanchard, Joe BLANCHAJ at bsci.com
Mon Jun 23 14:24:35 GMT 2003


I stand corrected, looks like theres some automated
process that kicks off doing a telnet to relay-test.mail-abuse.org
As follows: (kindda nice)
[root at rocknyou root]# telnet relay-test.mail-abuse.org
Trying 204.152.187.123...
Connected to relay-test.mail-abuse.org.
Escape character is '^]'.
Connecting to 66.31.207.102 ...
<<< 220 Rocknyou.com ESMTP InternetMailer Mon, 23 Jun 2003 10:23:59 -0400
>>> HELO cygnus.mail-abuse.org
<<< 250 Rocknyou.com Hello cygnus.mail-abuse.org [204.152.187.123], pleased
to m
<<< 250 Rocknyou.com Hello cygnus.mail-abuse.org [204.152.187.123], pleased
to m
eet you
:Relay test: #Quote test
>>> mail from: <spamtest at h000625874766.ne.client2.attbi.com>
<<< 250 2.1.0 <spamtest at h000625874766.ne.client2.attbi.com>... Sender ok
>>> rcpt to: <"nobody at mail-abuse.org">
<<< 550 5.7.1 <"nobody at mail-abuse.org">... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
:Relay test: #Test 1
>>> mail from: <nobody at mail-abuse.org>
<<< 250 2.1.0 <nobody at mail-abuse.org>... Sender ok
>>> rcpt to: <nobody at mail-abuse.org>
<<< 550 5.7.1 <nobody at mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
:Relay test: #Test 2
>>> mail from: <spamtest at maps1.pa.vix.com>
<<< 250 2.1.0 <spamtest at maps1.pa.vix.com>... Sender ok
>>> rcpt to: <nobody at mail-abuse.org>
Connection closed by foreign host.                        

-----Original Message-----
From: Mark Squire [mailto:msquire at lagraphico.com]
Sent: Monday, June 23, 2003 10:12 AM
To: General DShield Discussion List
Subject: RE: [Dshield] smtp test for open relay


Uhm . . . No, sorry.  His advice was sound.  Another way is to use
Netcat, but telnet <host> 25 works just fine if you want to connect to
smtp.

> -----Original Message-----
> From: Fred Grayson [mailto:fred at fred-grayson.net] 
> Sent: Monday, June 23, 2003 7:02 AM
> To: list at dshield.org
> Subject: [Dshield] smtp test for open relay
> 
> 
> Incorrect advice Joe. Connecting to the telnet port is the 
> way it works.
> 
> >Try telnet relay-test.mail-abuse.org 25
> >
> >Without the 25 you'll be attempting a telnet session and
> >not a SMTP session.
> >After connecting, you'll need to spoof an SMTP transaction using the 
> >traditional helo, mail from: , and rcpt to: followed by data 
> then the 
> >content.
> >
> >cheers
> >-Joe
> >
> >-----Original Message-----
> >From: Fred Grayson [mailto:fred at fred-grayson.net]
> >Sent: Monday, June 23, 2003 9:12 AM
> >To: list at dshield.org
> >Subject: [Dshield] smtp test for open relay
> >
> >
> >>Hi.
> >>
> >>Do you have links to ips web sites (or others) that test for open 
> >>relays for an IP ?  I've got one to test and I don't know 
> where to go.
> >
> >If you have access to the machine running the mail server 
> itself, you 
> >can test it. Just run this from a shell:
> >
> >telnet relay-test.mail-abuse.org
> >
> >
> >
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list