Hi, Since the previous email bounced, I am resending it, sorry. --- Hi, I can do either of the two: 1) Give me the script, I will provide you with NASL (Learning curve, non-existing) 2) Show everyone the script, I will give you pointers how to write the NASL, give a small example for you to start from, and we will write it "together" (Learning curve, high). I would prefer 2 (Even though I know it will take longer, because I will be more happy to see others become able to utilize the good interface provided by NASL to write plugins, and see a less centralized writing plugins). Thanks Noam Rathaus http://www.BeyondSecurity.com http://www.SecuriTeam.com > > ----- Original Message ----- > From: "Hugo van der Kooij" <hvdkooijat_private> > To: <nessusat_private> > Sent: Wednesday, May 08, 2002 17:18 > Subject: Improving mail relay checks (was: "Nessus calls home") > > > > On Wed, 8 May 2002, Renaud Deraison wrote: > > > > > 1. SMTP checks > > > > > > Several SMTP checks send an email coming from are going to > > > nessusat_private (also test_1at_private and test_2at_private). These > > > checks are mostly used for bounce or old sendmail attacks. With these > > > checks, the expected behavior of the MTA is either to send a 50x error > > > code or to fail to the attack. Under some rare circumstances however, > > > the mail may be bounced back to nessusat_private, which is a > > > non-existing mailbox on mail.nessus.org. So if I were to spy on my > > > users, one could imagine I'd grep "nessusat_private" in > > > /var/log/maillog and see who's using Nessus. I don't do that, but I > > > admit it could be done. > > > > > > Why do I use "nessusat_private" ? Well, for the relay checks, it > > > sounded good to use a really existing mail domain, so that half smart > > > mailer which do some DNS checks on email address would not reject the > > > mail for the sole reason the email domain is not valid. I was suggested > > > to use example.com, but there's no MX for that domain, so I don't like > > > it. > > > > I have a simple script that requires 2 parameters. The IP address of the > > mailserver to test and a domain name that is present on that server. It > > uses a fixed but changeable sender address that is defined in the > > beginning of the script. > > > > It does test 21 mail relay variants and exceeds the present options > > available in nessus. I would welcome to work with someone familiar with > > nasl to create a better script to test all of these. > > > > This script will however not be able to verify everything. Some server do > > not report an error on the SMTP session but will not forward the message. > > So the only way to be sure is to verify that none of the 21 messages are > > arriving at the end address. > > > > Hugo. > > > > -- > > All email send to me is bound to the rules described on my homepage. > > hvdkooijat_private http://hvdkooij.xs4all.nl/ > > Don't meddle in the affairs of sysadmins, > > for they are subtle and quick to anger. > > > > >
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 09:36:37 PDT