On 09.11.21 13:11, White, Daniel E. (GSFC-770.0)[NICS] wrote:
I found this bash script to let me test without using telnet: 
https://gist.github.com/jsidhu/41cbfda16d487343a614ca0e271a660e

I tried it, adding a "-x" to the she-bang line to get output and I got this:
[ ~]$ sudo ./smtp.bash
++ date
+ D='Tue Nov  9 07:56:43 EST 2021'
+ timeout 1 bash -c 'cat < /dev/null > /dev/tcp/MAIL_SERVER_FQDN/25'
+ port_25=0
+ timeout 1 bash -c 'cat < /dev/null > /dev/tcp/MAIL_SERVER_FQDN/587'
+ port_587=0
+ echo 'Tue Nov  9 07:56:43 EST 2021 Port Check result: port_25:0 git:0'
Tue Nov  9 07:56:43 EST 2021 Port Check result: port_25:0 git:0
+ MAILSERVER=MAIL_SERVER_FQDN
+ PORT=25
+ MAILFROM='<>'
+ MAILTO=foo...@foobar.org
+ SUBJECT='email test MAIL_SERVER_FQDN:25'
+ DATA='this is a test email, please ignore. Tue Nov  9 07:56:43 EST 2021'
+ echo 'Connecting to MAIL_SERVER_FQDN on Port 25'
Connecting to MAIL_SERVER_FQDN on Port 25
+ exec
+ '[' 0 -ne 0 ']'
+ echo -en 'HELO MAIL_DOMAIN\r\n'
+ echo -en 'MAIL FROM:<>\r\n'
+ echo -en 'RCPT TO:foo...@foobar.org\r\n'
+ echo -en 'DATA\r\n'
+ echo -en 'Subject: email test MAIL_SERVER_FQDN:25\r\n\r\n'
+ echo -en 'this is a test email, please ignore. Tue Nov  9 07:56:43 EST 
2021\r\n'
+ echo -en '.\r\n'
+ echo -en 'QUIT\r\n'
+ cat
220 MAIL_SERVER_FQDN ESMTP Postfix
250 MAIL_SERVER_FQDN
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as F077F1016F54
221 2.0.0 Bye

So the server successfully accepted mail to a remote recipient. That's called
an open relay.
Note that Nessus can't know if it's in the server's $mynetworks.


And from the maillog, I get this:

Nov 09 12:56:44 MAIL_SERVER postfix/smtp[140754]: F077F1016F54:
to=<foo...@foobar.org>, relay=LOCAL_MDA[aaa.bbb.ccc.ddd]:25, delay=0.12,
delays=0.03/0.03/0.02/0.03, dsn=4.7.1, status=deferred (host
LOCAL_MDA[aaa.bbb.ccc.ddd] said: 454 4.7.1 <foo...@foobar.org>: Relay
access denied (in reply to RCPT TO command))

This means that the mail server is not able to deliver the mail. The problem described by Nessus is that it is willing to deliver it.


Exclude Nessus's IP from $mynetworks.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton
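
Added example (not part of the thread or of the linked gist): a Python script that reads the server replies from a test session like the one above, reports whether the message was accepted at SMTP time, and then looks up the queue ID in the maillog to show the separate, later delivery status. Host names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample data modelled on the session and log entry in this thread.
SMTP_REPLIES = """\
220 mail.example.test ESMTP Postfix
250 mail.example.test
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as F077F1016F54
221 2.0.0 Bye
"""
MAILLOG = (
    "Nov 09 12:56:44 mail postfix/smtp[140754]: F077F1016F54: "
    "to=<user@remote.example>, relay=mda.example.test[192.0.2.10]:25, "
    "delay=0.12, delays=0.03/0.03/0.02/0.03, dsn=4.7.1, status=deferred "
    "(host mda.example.test[192.0.2.10] said: 454 4.7.1 "
    "<user@remote.example>: Relay access denied (in reply to RCPT TO command))\n"
)
# One final reply per command, in the order the test script sends them.
STAGES = ["banner", "HELO", "MAIL FROM", "RCPT TO", "DATA", "end of data", "QUIT"]

def smtp_verdict(replies):
    """Return (accepted, refusing_stage, queue_id) for one test session."""
    # Drop blank lines and multi-line continuation replies ("250-...").
    lines = [l for l in replies.splitlines() if l.strip() and l[3:4] != "-"]
    queue_id = None
    for stage, line in zip(STAGES, lines):
        if int(line[:3]) >= 400:          # 4xx/5xx: the server refused here
            return False, stage, None
        m = re.search(r"queued as (\w+)", line)
        if m:
            queue_id = m.group(1)
    return queue_id is not None, None, queue_id

def delivery_status(maillog, queue_id):
    """Find the Postfix delivery record for queue_id; return (status, dsn)."""
    pat = re.compile(
        r"postfix/\w+\[\d+\]: " + re.escape(queue_id)
        + r": to=<[^>]*>, .*?dsn=([\d.]+), status=(\w+)"
    )
    for line in maillog.splitlines():
        m = pat.search(line)
        if m:
            return m.group(2), m.group(1)
    return None, None

if __name__ == "__main__":
    accepted, stage, qid = smtp_verdict(SMTP_REPLIES)
    print("accepted at SMTP time:", accepted, "| refused at:", stage)
    print("later delivery (status, dsn):", delivery_status(MAILLOG, qid))
```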
