> Hi,
>
> Some host respond with a "250 User ok" for any given user, this patch will
> try and detect it.
also, 'intermail' responds with a 502
(actually, any 5xx command should be used to know that the command is
disabled)
220 mail.bellsouth.net ESMTP server (InterMail vM.5.01.04.05
201-253-122-122-105-20011231) ready Sun, 3 Feb 2002 18:59:38 -0500
helo f
250 imf04bis.bellsouth.net
expn ljlkj
502 Command is locally disabled
>
> Index: sendmail_expn.nasl
> ===================================================================
> RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
> retrieving revision 1.21
> diff -r1.21 sendmail_expn.nasl
> 115d114
> <
> 117,118c116,120
> <
> < if(ereg(string:r, pattern:"^(250|550).*$"))
> ---
> > s = string("EXPN random_user", rand(), "\r\n");
> > send(socket:soc, data:s);
> > r2 = recv(socket:soc, length:1024);
> >
> > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> pattern:"^(250|550).*$")))
> 132c134,139
> < if(ereg(string:r, pattern:"^(250|550).*$"))
> ---
> >
> > s = string("VRFY random_user", rand(), "\r\n");
> > send(socket:soc, data:s);
> > r2 = recv_line(socket:soc, length:1024);
> >
> > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> pattern:"^(250|550).*$")))
> 139a147
> >
>
> Thanks
> Noam Rathaus
> http://www.BeyondSecurity.com
> http://www.SecuriTeam.com
>
>
--
Michael Scheidell
Secnap Network Security, LLC
(561) 368-9561 scheidellat_private
Sign up Live WEBCAST Q & A : Should I migrate from IIS? http://www.secnap.net/
This archive was generated by hypermail 2b30 : Sun Feb 03 2002 - 16:00:54 PST