Re: sendmail_expn Patch

From: Michael Scheidell (scheidellat_private)
Date: Sat Feb 09 2002 - 05:43:42 PST

  • Next message: Noam Rathaus: "Re: sendmail_expn Patch"

    I also find a sendmail host that replies 502 and not 550:
    220 cob342.netlimited.net ESMTP Sendmail 8.10.2/8.10.2; Sat, 9 Feb 2002
    03:59:12 -0800
    250 cob342.netlimited.net Hello mail.fdma.com [216.241.67.73], pleased to
    meet you
    502 5.7.0 Sorry, we do not allow this operation
    quit
    
    manbe this patch should reflect the beginning '5' and not look for 550?
    maybe 550 and 502?
    
    Michael Scheidell
    SECNAP Network Security, LLC
    (561) 368-9561 scheidellat_private
    http://www.secnap.net
    ----- Original Message -----
    From: "Noam Rathaus" <noamrat_private>
    To: "Nessus Plugins Writers" <plugins-writersat_private>
    Sent: Sunday, February 03, 2002 5:07 PM
    Subject: sendmail_expn Patch
    
    
    > Hi,
    >
    > Some host respond with a "250 User ok" for any given user, this patch will
    > try and detect it.
    >
    > Index: sendmail_expn.nasl
    > ===================================================================
    > RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
    > retrieving revision 1.21
    > diff -r1.21 sendmail_expn.nasl
    > 115d114
    > <
    > 117,118c116,120
    > <
    > <   if(ereg(string:r, pattern:"^(250|550).*$"))
    > ---
    > >   s = string("EXPN random_user", rand(), "\r\n");
    > >   send(socket:soc, data:s);
    > >   r2 = recv(socket:soc, length:1024);
    > >
    > >   if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
    > pattern:"^(250|550).*$")))
    > 132c134,139
    > <       if(ereg(string:r, pattern:"^(250|550).*$"))
    > ---
    > >
    > >         s = string("VRFY random_user", rand(), "\r\n");
    > >         send(socket:soc, data:s);
    > >         r2 = recv_line(socket:soc, length:1024);
    > >
    > >       if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
    > pattern:"^(250|550).*$")))
    > 139a147
    > >
    >
    > Thanks
    > Noam Rathaus
    > http://www.BeyondSecurity.com
    > http://www.SecuriTeam.com
    >
    >
    



    This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 05:44:10 PST