A working sendmail that passes the ORBS tests (longer)

Petr Divis divis at bitservis.cz
Thu Nov 18 15:53:30 CET 1999


I had the same problem (RH5 with sendmail 8.8.7): a sufficiently nonsensical
header got through even with relaying disabled, and among other things it had
some buffer overflow bugs. It was enough to install the package from RH6
(sendmail 8.9.3); that one is OK as far as ORBS is concerned.

Petr Divis


----- Original Message -----
From: Martin Och <martin at och.cz>
To: <sendmail at linux.cz>
Sent: 18 November 1999 15:39
Subject: A working sendmail that passes the ORBS tests (longer)


> Hello.
>
> Two words to start with - I'm desperate...
>
> Some time ago my mail servers were put on the ORBS blacklist.
> For a while I didn't deal with it, but now I want to sort it out.
> Following some links on http://www.orbs.org, I was recommended a secure
> sendmail labelled 8.9.3-7isp.
>
> So I installed it and configured it: in sendmail.cw, that it should accept
> mail only for itself; in relay-domains I put that it should relay for just
> one domain.
> I started it and clicked on ORBS that my server is secured...
>
> Some tests started running (they were visible in /var/log/maillog) and
> everything coming from ORBS ended with relaying denied, or with the message
> Lost input channel, which, by the way, I don't know the meaning of...
> I started rubbing my hands that it was OK, but no such luck...
> Suddenly a mail arrived on that machine, which read:
>
> ---CUT HERE ---
>
> >From notifier na orbs.org  Thu Nov 18 13:41:38 1999
> Date: Thu, 18 Nov 1999 23:54:03 +1300
> Message-Id: <199911181054.XAA01650 na mail2.manawatu.net.nz>
> To: postmaster na r1csc.cscnet.cz, postmaster na r1csc.cscnet.cz
> From: The Open Relay Behaviour-modification System <listings na orbs.org>
> Reply-To: ORBS listings <listings na orbs.org>
> Subject: Network security problem: 195.119.184.38 is an open email relay
>
> Please read this entire message carefully before replying
>
> If you are not the technical contact for your organisation, please
> forward this to the person who is.
>
> Reference: http://www.orbs.org/messagelookup.cgi?address=195.119.184.38
>
> 195.119.184.38 has been detected as an insecure email relay and added
> to the ORBS database.
>
> Please check the ORBS website (http://www.orbs.org/) for links
> to other sites that may be able to help you close your relay. Most mail
> transport agents can be secured quickly by the operator, usually for no
> cost other than the time take to read the appropriate instructions for
> your software.
>
> To be removed from the ORBS database, you need to disable the external relay
> features of your mail server and then report the IP address 195.119.184.38
> to our web site at  http://www.orbs.org/closed1.cgi.
> We will immediately remove your site's entry, then re-test it for
> third-party relay capabilities.
>
> ORBS is an automated testing system, if your mailserver has multiple
> IP interfaces, it is likely that you will receive multiple copies of
> this message. You should only receive one notice per IP number, however
> ORBS notices are sent to both the literal IP address and the resolved DNS
> name, so 2 notices may be received in some cases.
>
> Thank you for your attention to this matter.
>
> Sincerely,
>
> listings na orbs.org
>
> The message your system relayed is attached below.
> If you believe your server has been secured, please check the
> X-Envelope lines to see which vulnerability has been missed
> and check them against the list of vulnerabilties at
> http://www.orbs.org/envelopes.cgi
>
> >From sender na orbs.org  Thu Nov 18 23:54:02 1999
> Received: from r1csc.cscnet.cz (r1csc.cscnet.cz [195.119.184.38])
> by mail2.manawatu.net.nz (8.9.3/8.9.3) with ESMTP id XAA01634
> for <orbs-relaytest na manawatu.co.nz>; Thu, 18 Nov 1999 23:53:33 +1300
> X-Remote-IP: 195.119.184.38
> Received: from relaytest.orbs.org (OrbsNtst na relaytest.orbs.org [202.36.148.5])
> by r1csc.cscnet.cz (8.8.7/8.8.7) with SMTP id LAA27429
> for <"orbs-relaytest na manawatu.co.nz">; Thu, 18 Nov 1999 11:53:10 +0100
> Date: Thu, 18 Nov 1999 11:53:10 +0100
> From: sender na orbs.org
> To: "orbs-relaytest na manawatu.co.nz"@r1csc.cscnet.cz
> X-Token: yonseddmzwhdckgj
> X-Envelope-Sender: <sender na orbs.org>
> X-Envelope-Recipient: <"orbs-relaytest na manawatu.co.nz">
> Message-Id: <195.119.184.38 na orbs.org>
> Subject: ORBS Relay Test - 195.119.184.38
>
> This program (re)tests for open relays.
>
> Open relays are automatically added to the ORBS Open Relay
> Database (see http://www.orbs.org/ for details).
>
> Open relays are rechecked monthly or more frequently.
> Secured hosts are rechecked every 3-6 months
>
> There are up to 17 different tests applied per IP address.
>
> Do not use the above addresses to contact me - use admin na orbs.org.
>
> Help on securing relays can be found at http://maps.vix.com/tsi/
> and at http://www.orbs.org/otheresources.cgi
>
> X-Token: yonseddmzwhdckgj
> X-Envelope-Sender: <sender na orbs.org>
> X-Envelope-Recipient: <"orbs-relaytest na manawatu.co.nz">
>
> --- CUT HERE ---
>
> I don't know how they managed it. I'm not a sendmail expert, and I don't
> particularly want to learn it either. Don't kill me :))
>
> I need to ensure the following:
> a working SMTP and POP machine that will accept mail for x domains
> (virtusertable), and will also act as a backup mail server for another
> x domains.
>
> I don't know how good sendmail is or isn't. But I know it can provide all
> of this for me.
> The trouble is that there is some hole in it, because of which I will
> probably be on the ORBS blacklist again.
> I'm not there yet; there is a note that tests are currently in progress.
>
> If any of you has a working sendmail that can do at least what I described
> and has passed the ORBS tests, I'd be glad if you could point out
> what I'm doing wrong, or provide your sendmail...
>
> Thanks for the help...
> --
> Martin Och
> Network Administrator
> CS-COMPEX, a.s.
>
> To "shut down" your system type "WIN"
>
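An added example, not part of either message and not sendmail's own code: the X-Envelope-Recipient line in the quoted ORBS notice shows a recipient whose "@" sits inside a quoted local part, so it looks local until the quotes are removed. The Python sketch below models a relay check that decides on the address left after every such layer is peeled off; the percent and bang forms go beyond the case shown in the thread, and `LOCAL_DOMAINS`, `MAX_HOPS` and all function names are assumptions made for illustration.

```python
# Added example; not sendmail's code. The archive prints "@" as " na " in the
# quoted notice; the addresses below use the real "@".
LOCAL_DOMAINS = {"r1csc.cscnet.cz"}   # host name taken from the quoted headers
MAX_HOPS = 8                          # assumption: cap on nested rewrites

def split_unquoted_at(addr):
    """Split at the last '@' outside double quotes -> (local, domain or None)."""
    in_quotes, pos, i = False, -1, 0
    while i < len(addr):
        ch = addr[i]
        if ch == "\\":                # backslash escapes the next character
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            pos = i
        i += 1
    return (addr, None) if pos < 0 else (addr[:pos], addr[pos + 1:])

def peel(local):
    """Undo one layer of disguise in a local part; None if nothing is left."""
    if len(local) >= 2 and local[0] == '"' and local[-1] == '"':
        return local[1:-1]                    # "user@other" -> user@other
    if "%" in local:                          # user%other   -> user@other
        user, _, host = local.rpartition("%")
        return f"{user}@{host}"
    if "!" in local:                          # other!user   -> user@other
        host, _, user = local.partition("!")
        return f"{user}@{host}"
    return None

def final_destination(rcpt, local_domains=LOCAL_DOMAINS):
    """Return the foreign domain the mail would end up at, or None if local."""
    addr = rcpt.strip().strip("<>")
    for _ in range(MAX_HOPS):
        local, domain = split_unquoted_at(addr)
        if domain is not None:
            domain = domain.lower().rstrip(".")
            if domain not in local_domains:
                return domain
        addr = peel(local)
        if addr is None:
            return None
    raise ValueError("too many nested rewrites; reject the recipient")

def is_relay_attempt(rcpt, local_domains=LOCAL_DOMAINS):
    return final_destination(rcpt, local_domains) is not None
```
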



