[Dshield] smtp test for open relay

Peter Van Eeckhoutte peter.ve at pandora.be
Mon Jun 23 15:15:41 GMT 2003


FYI : the tool at  http://kickme.to/dpsecurity has about 30 checks, and
you can write your own...

 


> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Fred Grayson
> Sent: maandag 23 juni 2003 17:04
> To: list at dshield.org
> Subject: [Dshield] smtp test for open relay
> 
> 
> >I stand corrected, looks like theres some automated
> >process that kicks off doing a telnet to 
> relay-test.mail-abuse.org As 
> >follows: (kindda nice)
> 
> Snip........
> 
> Yes, very nice, but did you make it thru all 19 tests? ;-)
> 
> There's still quite a bit of older mail server code out there 
> still in use that passes the standard trivial by 
> hand attempt to relay mail. Yet these servers eventually wind 
> up being blacklisted, and when the owner 
> is pointed to this test site, they see that the code is 
> vulnerable to some esoteric trick used further down 
> the list of test.
> 
> At some time in the distant past, this test site would 
> terminate the testing upon the first succesful attempt 
> to relay mail, so you had to get that particular 
> vulnerability fixed, then go back and see if anything further 
> down in the list of tests was still waiting to be 
> exploitable. I have no idea if this aspect of the tester has 
> been fixed or not though.
> 
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 
> 




More information about the list mailing list