Re: [TCLUG:17174] Sendmail AntiRelaying

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:17174] Sendmail AntiRelaying
From: <fritchie@mr.net>
Date: Wed, 03 May 2000 11:19:07 -0700

As has been mentioned previously, the mechanism for restricting SMTP
relay within sendmail differ.  You need at least version 8.8.  Version
8.10 is the current release.

Checking for an open relay is pretty easy.  First, log in to a machine
outside your network, someplace that your SMTP server should consider
"the outside world" and thus hostile (or at least worthy of greater
scruitiny).

Then use "telnet" to talk to your SMTP server.  Mine is known as
mx.snookles.com.  The stuff I actually type has a ">>> " prefix; don't
try typing it yourself.  :-)

% telnet mx.snookles.com 25
Trying 137.192.130.129...
Connected to mx.snookles.com.
Escape character is '^]'.
220 fw.snookles.com ESMTP Sendmail Pro-8.10.0.Beta2/Pro-8.10.0.Beta2; Wed, 3 May 2000 13:22:44 -0500 (CDT)
>>> helo asdf
250 fw.snookles.com Hello fritchie@freenet.msp.mn.us [206.8.96.2], pleased to meet you
>>> mail from: <foo@bar.com>
250 2.1.0 <foo@bar.com>... Sender ok
>>> rcpt to: <foo@bar.com>
550 5.7.1 <foo@bar.com>... Relaying denied
>>> quit
221 2.0.0 fw.snookles.com closing connection
Connection closed by foreign host.

Note that I'm not following the SMTP RFCs to the letter, e.g. incomplete
"HELO" info, not using uppercase.  The big thing you're looking for is
a
permanent error code, 5xx, when listing a recipient that your server 
isn't responsible for delivering to.  If you get a "250" sender ok 
response, you've got an open relay.

-Scott

Prev by Date: Re: [TCLUG:17174] Sendmail AntiRelaying
Next by Date: Re: [TCLUG:17167] Anime <WAYYY OT>
Prev by thread: Reboots was: RE: [TCLUG:17072] Rebuttal
Next by thread: XFree 4.0
Index(es):
- Date
- Thread