Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Directory listing....
... this test just looks at the status-message from the server ...220 =
okay, but what matters is, whether a mail is delivered through your server
or not ... qmail says 220, meaning it accepts the mail for delivery but
according to the configuration it is not able to deliver this mail to the
recipient so it it will bounce it back ...

... a real relay test should try to send real mails and only if a real mail
is relayed, your server is really an open relay ... sounds reasonable, not?
fischers fritz ...:-)

best regards ...reto inversini


---- Original Message -----
From: "Mike Garabedian" <mikejr@xxxxxxxxxxxxxxx>
To: "Reto Inversini" <inversini@xxxxxxxxxxx>
Sent: Tuesday, February 05, 2002 8:39 PM
Subject: RE: [suse-security] Directory listing....


> Check this out...I set the rcpt hosts file, and put it in qmail...and my
> tests worked, so I went to the mail-abuse website and ran a test and this
is
> what happened...it seems that if they use my ip number it will go through.
> Connecting to 66.13.54.178 ...
> <<< 220 emergyscorp.com ESMTP <<< 220 emergyscorp.com ESMTP
> >>> HELO cygnus.mail-abuse.org
> <<< 250 emergyscorp.com
> :Relay test: #Quote test
> >>> mail from: <spamtest@xxxxxxxxxxxxxxxx>
> <<< 250 ok
> >>> rcpt to: <"nobody@xxxxxxxxxxxxxx">
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 1
> >>> mail from: <nobody@xxxxxxxxxxxxxx>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 2
> >>> mail from: <spamtest@xxxxxxxxxxxxxxxx>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #test 3
> >>> mail from: <spamtest@localhost>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 4
> >>> mail from: <spamtest>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 5
> >>> mail from: <>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 6
> >>> mail from: <spamtest@xxxxxxxxxxxxxxxx>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 7
> >>> mail from: <spamtest@[66.13.54.178]>
> <<< 250 ok
> >>> rcpt to: <nobody@xxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 8
> >>> mail from: <spamtest@xxxxxxxxxxxxxxxx>
> <<< 250 ok
> >>> rcpt to: <nobody%mail-abuse.org@xxxxxxxxxxxxxxxx>
> <<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> >>> rset
> <<< 250 flushed
> :Relay test: #Test 9
> >>> mail from: <spamtest@xxxxxxxxxxxxxxxx>
> <<< 250 ok
> >>> rcpt to: <nobody%mail-abuse.org@[66.13.54.178]>
> <<< 250 ok
> >>> QUIT
> <<< 221 emergyscorp.com
> Tested host banner: 220 emergyscorp.com ESMTP
> System appeared to accept 1 relay attempts
>
>
> How do I stop that?
> -----Original Message-----
> From: Reto Inversini [mailto:inversini@xxxxxxxxxxx]
> Sent: Tuesday, February 05, 2002 1:51 PM
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Directory listing....
>
>
> hi mike,
>
> I guess you mean that one can browse the directories of the webserver?
Check
> your httpd.conf or simply put an index.html in every directory. For
further
> information we need to know your exact configuration (which webserver,
your
> httpd.conf, etc.).
>
> qmail doesn't do any relaying by default. check your rcpthosts file. for
> further information on configuring qmail, check www.qmail.org and
> http://www.lifewithqmail.org/ or, more specifically on relaying:
> http://www.palomine.net/qmail/relaying.html ...
>
> best regards
> reto inversini
>
>
> ----- Original Message -----
> From: "Mike Garabedian" <mikejr@xxxxxxxxxxxxxxx>
> To: "Suse-Security" <suse-security@xxxxxxxx>
> Sent: Tuesday, February 05, 2002 7:38 PM
> Subject: [suse-security] Directory listing....
>
>
> > ...I did a test of my network and found a few linux holes...can someone
> tell
> > me how to find out about shutting off directory listings, because the
test
> > said my scripts directory is showing.
> >
> > And I am having trouble with relaying with qmail...I want it off
totally,
> I
> > just want people to get their pop3 mail and logoff.
> >
> > Any ideas?
> >
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >
This Thread
  • No further messages