[Openvas-devel] openvas relay check bogus?

Michael Meyer mime at gmx.de
Tue Aug 11 12:53:21 CEST 2009


Hello Hanno,

*** Hanno Böck <hanno at hboeck.de> wrote:
> It's a courier host.
> 
> On Monday, 10 August 2009, Michael Meyer wrote:
> > | telnet MTA 25
> > | HELO domain.tld
> > | MAIL FROM: <mail at domain.tld>
> > | RCPT TO: <hanno%hboeck.de at domain.tld>
> > | DATA
> > | From: <mail at domain.tld>
> > | To: <hanno%hboeck.de at domain.tld>
> > | Subject: test
> > |
> > | test
> > | .
> > | QUIT
> 
> On that I get
> 517-Domain does not exist: domain.tld
> 
> if I replace it with the hosts domain I get
> 517 SPF fail usrportage.de: Address does not pass the Sender Policy Framework

Hmm...

,---|
| mime at kira:~ %  telnet usrportage.de 25
| Trying 78.46.69.2...
| Connected to usrportage.de.
| Escape character is '^]'.
| 220 milch.schokokeks.org ESMTP
| helo localhost
| 250 milch.schokokeks.org Ok.
| MAIL FROM: <mail at usrportage.de>
| 250 Ok.
| RCPT TO: <mime%gmx.de at usrportage.de>
| 250 Ok.
| DATA
| 354 Ok.
| FROM: <mail at usrportage.de>
| To: <mime%gmx.de at usrportage.de>
| Subject: test
|
| test
| .
| 250 Ok. 000000004A813915.000053F2
| quit
| 221 Bye.
| Connection closed by foreign host
`---|

Somebody should have a look in the logs to see what happened with
the mail with ID "000000004A813915.000053F2". Because this mail was
accepted, this host was recognized as an open relay, even if the mail
was discarded internally. The script could not detect that. ;-)
The mail never arrived here, so I think it was truly discarded
internally.

,---|
| mime at kira:~ %  telnet ben.ebiz-webhosting.de 25
| Trying 213.203.248.138...
| Connected to ben.ebiz-webhosting.de.
| Escape character is '^]'.
| 220 ben.ebiz-webhosting.de ESMTP ben.ebiz-webhosting.de
| helo localhost
| 250 ben.ebiz-webhosting.de
| MAIL FROM: <bla at ben.ebiz-webhosting.de>
| 250 2.1.0 Ok
| RCPT TO: <mime%gmx.de at ben.ebiz-webhosting.de>
| 554 5.7.1 <mime%gmx.de at ben.ebiz-webhosting.de>: Recipient address rejected: Relay access denied
`---|

,---|
| mime at kira:~ %  telnet usrportage.de 25
| Trying 78.46.69.2...
| Connected to usrportage.de.
| Escape character is '^]'.
| 220 milch.schokokeks.org ESMTP
| helo localhost
| 250 milch.schokokeks.org Ok.
| MAIL FROM: <mail at usrportage.de>
| 250 Ok.
| RCPT TO: <mime at gmx.de>
| 513 Relaying denied.
`---|

You see the difference? ;-) 

Micha
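
Added example, not part of the original message and not the OpenVAS check itself: a small Python classifier for relay-probe transcripts like the ones above. It reports a 250 after end-of-data as accepted but unconfirmed and returns the server's queue reply for log lookup. The transcripts, example domains, queue id placeholder and function names are constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -]")  # SMTP reply line: 3-digit code, then space or '-'

def classify(lines):
    """Return (verdict, recipient, deciding_reply) for one probe transcript."""
    stage, rcpt, in_body = None, None, False
    for line in lines:
        if in_body:                      # message content, not protocol
            if line == ".":
                in_body, stage = False, "EOD"
            continue
        m = REPLY.match(line)
        if not m:                        # client command
            verb = line.split(":")[0].strip().upper()
            stage = {"RCPT TO": "RCPT", "DATA": "DATA"}.get(verb, "OTHER")
            if stage == "RCPT":
                rcpt = line.split(":", 1)[1].strip(" <>")
            continue
        code = int(m.group(1))
        if stage == "RCPT" and code >= 400:
            return ("rejected-at-rcpt", rcpt, line)
        if stage == "DATA":
            if code >= 400:
                return ("rejected-at-data", rcpt, line)
            in_body = code == 354
        elif stage == "EOD":
            # 250 here only means "queued"; delivery still has to be confirmed
            verdict = "accepted-unconfirmed" if code < 400 else "rejected-at-data"
            return (verdict, rcpt, line)
    return ("incomplete", rcpt, None)

def uses_percent_hack(rcpt):
    """True when the local part carries a second address (user%remote@host)."""
    return "%" in rcpt.rsplit("@", 1)[0]

# Constructed transcripts (example domains, placeholder queue id).
ACCEPTED = ["220 mta.example ESMTP", "helo localhost", "250 mta.example Ok.",
            "MAIL FROM: <mail@mta.example>", "250 Ok.",
            "RCPT TO: <probe%outside.example@mta.example>", "250 Ok.",
            "DATA", "354 Ok.", "Subject: test", "", "test", ".",
            "250 Ok. QUEUE-ID-PLACEHOLDER", "quit", "221 Bye."]
DENIED = ACCEPTED[:5] + ["RCPT TO: <probe@outside.example>", "513 Relaying denied."]

if __name__ == "__main__":
    for name, t in (("percent-hack", ACCEPTED), ("plain", DENIED)):
        verdict, rcpt, reply = classify(t)
        print(name, verdict, uses_percent_hack(rcpt), reply)
```

An "accepted-unconfirmed" verdict becomes an open-relay finding only once the queue id is traced in the server logs or the probe arrives at the outside mailbox.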


