18 May
2002
18 May
'02
1:46 p.m.
On May 18, 10:19, Zane H. Healy wrote:
I'm assuming the following means it's safe for
me to have this system
connected to the net. I'm now in the process of also testing with
www.ordb.com, and have already tried the telnet trick posted earlier.
Relay test 3
Um, no, I'm afraid it means your SMTP software bombed. It failed to go to
the reset (initial) state after the second test, so the test sequence was
aborted, and the remaining 16 or so (?) tests weren't carried out. I
wouldn't trust that software just yet...
I think the next test would have been something involving a message
ostensibly from the "<>" address (which represents the mailer daemon),
and
then some tests involving forged addresses intended to look like your own
domain, and then assorted routed or malformed addresses. Some of these are
very important, and your site hasn't been tested for most of them.
--
Pete Peter Turnbull
Network Manager
University of York
>> RSET
<<<
Relay test result
Could not reset connection, test failed. 
18 May
18 May
2:49 p.m.
It was thus said that the Great Pete Turnbull once stated:
I think the next test would have been something involving a message
ostensibly from the "<>" address (which represents the mailer daemon),
and
then some tests involving forged addresses intended to look like your own
domain, and then assorted routed or malformed addresses. Some of these are
very important, and your site hasn't been tested for most of them.
I've had to harden sendmail against some of these attacks (by modifying
sendmail.cf [1]). Assuming that ``sean(a)conman.org'' (my spam catching
address) is the one being targeted, and ``armigeron.com'' (which I do some
side work for from time to time) is the host being used for the relay, I've
had to check for:
"sean@conman.org"@armigern.com
sean@conman.org@armigeron.com
"sean%conman.org"(a)armigeron.com
sean%conman.org(a)armigeron.com
"sean(a)conman.org"%armigeron.com
sean(a)conman.org%armigeron.com
There may be a few more obscure methods, but I think those where the only
ones I needed to protect against.
-spc (Been there, done that, used be listed on MAPs or ORBs or one of
those systems ... )
[1] I modified the current senamil.cf because I had modified the
sendmail configuration to support virtual domains (before sendmail
had included support through virtusertable[2]) and using a more
current sendmail.cf would have removed such modifications.
[2] I decided not to use sendmail.cf's virtusertable because the method
I used was more flexible (each domain has their own file) and
because a customer of Armigeron had the ability to modify the email
addresses for their domains (whereas using virtusertable, *every*
domain is in a single file). Plus, a recipient email address can
have more than one destination address (another restriction of
virtusertable that requires some nasty workarounds).
3:39 p.m.
Um, no, I'm afraid it means your SMTP software
bombed. It failed to go to
the reset (initial) state after the second test, so the test sequence was
aborted, and the remaining 16 or so (?) tests weren't carried out. I
wouldn't trust that software just yet...
Relay test 2
>> RSET
<<< 250 OK
>> MAIL FROM:<spamtest>
<<<
550 Closing transmission channel.
Relay test 3
>> RSET
<<<
Actually as near as I can tell, the reason test 3 is failing is because VMS
reacted to test 2 by breaking the connection. This seems to be verified by
my results from telneting in on port 25.
Zane
--
| Zane H. Healy | UNIX Systems Administrator |
| healyzh(a)aracnet.com (primary) | OpenVMS Enthusiast |
| | Classic Computer Collector |
+----------------------------------+----------------------------+
| Empire of the Petal Throne and Traveller Role Playing, |
| PDP-10 Emulation and Zane's Computer Museum. |
| http://www.aracnet.com/~healyzh/ |
8302
days inactive
8302
days old
2 comments
3 participants
participants (3)
-
healyzh@aracnet.com -
pete@dunnington.u-net.com -
spc@conman.org