More details: I found this bash script to let me test without using telnet: https://gist.github.com/jsidhu/41cbfda16d487343a614ca0e271a660e
I tried it, adding a "-x" to the she-bang line to get output and I got this:

[ ~]$ sudo ./smtp.bash
++ date
+ D='Tue Nov 9 07:56:43 EST 2021'
+ timeout 1 bash -c 'cat < /dev/null > /dev/tcp/MAIL_SERVER_FQDN/25'
+ port_25=0
+ timeout 1 bash -c 'cat < /dev/null > /dev/tcp/MAIL_SERVER_FQDN/587'
+ port_587=0
+ echo 'Tue Nov 9 07:56:43 EST 2021 Port Check result: port_25:0 git:0'
Tue Nov 9 07:56:43 EST 2021 Port Check result: port_25:0 git:0
+ MAILSERVER=MAIL_SERVER_FQDN
+ PORT=25
+ MAILFROM='<>'
+ MAILTO=foo...@foobar.org
+ SUBJECT='email test MAIL_SERVER_FQDN:25'
+ DATA='this is a test email, please ignore. Tue Nov 9 07:56:43 EST 2021'
+ echo 'Connecting to MAIL_SERVER_FQDN on Port 25'
Connecting to MAIL_SERVER_FQDN on Port 25
+ exec
+ '[' 0 -ne 0 ']'
+ echo -en 'HELO MAIL_DOMAIN\r\n'
+ echo -en 'MAIL FROM:<>\r\n'
+ echo -en 'RCPT TO:foo...@foobar.org\r\n'
+ echo -en 'DATA\r\n'
+ echo -en 'Subject: email test MAIL_SERVER_FQDN:25\r\n\r\n'
+ echo -en 'this is a test email, please ignore. Tue Nov 9 07:56:43 EST 2021\r\n'
+ echo -en '.\r\n'
+ echo -en 'QUIT\r\n'
+ cat
220 MAIL_SERVER_FQDN ESMTP Postfix
250 MAIL_SERVER_FQDN
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as F077F1016F54
221 2.0.0 Bye
[ ~]$

And from the maillog, I get this:

Nov 09 12:56:44 MAIL_SERVER postfix/smtp[140754]: F077F1016F54: to=<foo...@foobar.org>, relay=LOCAL_MDA[aaa.bbb.ccc.ddd]:25, delay=0.12, delays=0.03/0.03/0.02/0.03, dsn=4.7.1, status=deferred (host LOCAL_MDA[aaa.bbb.ccc.ddd] said: 454 4.7.1 <foo...@foobar.org>: Relay access denied (in reply to RCPT TO command))

If I change postfix to reject rather than defer, would that change the "command line" response?

On 11/8/21, 10:13, "owner-postfix-us...@postfix.org on behalf of White, Daniel E. (GSFC-770.0)[NICS]" <owner-postfix-us...@postfix.org on behalf of daniel.e.wh...@nasa.gov> wrote:

Sorry for the delay, but the scanner had network issues and could not re-scan the MTA.

It turns out that the scanner is in the subnets defined by "mynetworks"

But here is the interesting part: all the message attempts made by the scanner were rejected.
I went through the logs with a fine-toothed comb and verified this.

The stoooopid scanner is NOT seeing the rejections.

I may need to wireshark this before submitting a bug report to Tenable.

I will keep the list informed as stuff happens.

-----Original Message-----
From: <owner-postfix-us...@postfix.org> on behalf of Daniel White <daniel.e.wh...@nasa.gov>
Date: Friday, October 29, 2021 at 10:22
To: "postfix-users@postfix.org" <postfix-users@postfix.org>
Subject: [Non-NASA Source][EXTERNAL] Re: Nessus says I have an open relay

AFAIK, it is on a different subnet than the ones in "mynetworks"
I can triple check with the team that runs them.

-----Original Message-----
From: <owner-postfix-us...@postfix.org> on behalf of Matus UHLAR - fantomas <uh...@fantomas.sk>
Date: Friday, October 29, 2021 at 06:40
To: "postfix-users@postfix.org" <postfix-users@postfix.org>
Subject: [EXTERNAL] Re: Nessus says I have an open relay

On 29.10.21 10:33, White, Daniel E. (GSFC-770.0)[NICS] wrote:
>Nessus Plugin 10167: NTMail3 Arbitrary Mail Relay
>TCP port 25
[...]
>Nessus Plugin 11852: MTA Open Mail Relaying Allowed (thorough test)
>TCP port 25
>Plugin Output:
>Nessus was able to relay mails by sending those sequences :
[...]
>mynetworks = 127.0.0.0/8 <and other IP subnets>

is it possible that IP of your nessus server is here?
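
Added example, not part of the thread and not code from the gist or from Postfix: it joins the replies the test script received with the maillog entry for the same queue ID. The 250 replies were returned to the connecting client, while the 454 is a reply from the next hop, logged by the postfix/smtp delivery client. The function and variable names are assumptions made for this illustration.

```python
import re

# Server replies and maillog line copied from the session quoted in this thread.
SESSION_REPLIES = """\
220 MAIL_SERVER_FQDN ESMTP Postfix
250 MAIL_SERVER_FQDN
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as F077F1016F54
221 2.0.0 Bye
"""
MAILLOG = (
    "Nov 09 12:56:44 MAIL_SERVER postfix/smtp[140754]: F077F1016F54: "
    "to=<foo...@foobar.org>, relay=LOCAL_MDA[aaa.bbb.ccc.ddd]:25, delay=0.12, "
    "delays=0.03/0.03/0.02/0.03, dsn=4.7.1, status=deferred "
    "(host LOCAL_MDA[aaa.bbb.ccc.ddd] said: 454 4.7.1 <foo...@foobar.org>: "
    "Relay access denied (in reply to RCPT TO command))"
)
# The test script writes every command up front, so replies come back in this order.
STAGES = ["banner", "HELO", "MAIL FROM", "RCPT TO", "DATA", "end-of-data", "QUIT"]
LOG_RE = re.compile(
    r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def client_view(replies):
    """What the connecting client (script or scanner) saw, keyed by SMTP stage."""
    # Drop blank lines and "250-" continuation lines; keep one final reply per command.
    finals = [l for l in replies.splitlines() if l.strip() and l[3:4] != "-"]
    view = {stage: int(line[:3]) for stage, line in zip(STAGES, finals)}
    queued = re.search(r"queued as ([0-9A-Za-z]+)", replies)
    view["queue_id"] = queued.group(1) if queued else None
    # Accepted at the SMTP level: both RCPT TO and end-of-data got a 2xx reply.
    view["accepted"] = all(view.get(s, 0) // 100 == 2 for s in ("RCPT TO", "end-of-data"))
    return view

def delivery_view(log_line):
    m = LOG_RE.search(log_line)
    return m.groupdict() if m else None

def correlate(replies, log_line):
    """Join the client's view with the delivery log entry for the same queue ID."""
    c, d = client_view(replies), delivery_view(log_line)
    same = d is not None and d["qid"] == c["queue_id"]
    return {"client_accepted": c["accepted"], "same_message": same,
            "logged_by": d["daemon"] if same else None,
            "next_hop": d["relay"] if same else None,
            "next_hop_status": d["status"] if same else None}
```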