Discovering users by RCPT TO

From: Andres Molinetti (andymolinetti_at_hotmail.com)
Date: 01/12/05

  • Next message: Slider Slider: "Creating a Custom Trojan after Social Engineering"
    To: pen-test@securityfocus.com
    Date: Wed, 12 Jan 2005 20:42:04 +0000
    
    

    I'm currently over a pen-test and I have found that their SMTP Server
    (SendMail) does not have VRFY or EXPN methods available, which was the most
    probably thing to happen taking into account the server has been through
    some hardening before.

    Testing for Open Relay, I realized that the server answers different to
    existing users and non-existing users, when trying to deliver mails using
    RCPT TO:

    E.g:

    rcpt to: asdfasdf@domain
    550 5.1.1 asdfasdf@domain... User unknown
    rcpt to: bin@domain
    250 2.1.5 bin@domain... Recipient ok
    rcpt to: nobody@domain
    250 2.1.5 nobody@domain... Recipient ok
    rcpt to: oper@domain
    550 5.1.1 oper@domain... User unknown
    rcpt to: root@domain
    250 2.1.5 root@domain... Recipient ok

    Is this ok or is it information disclousure? Is there any way to fix it? It
    is Sendmail...

    Thanks in advance,

    Andres Molinetti
    CISSP

    _________________________________________________________________
    Acepta el reto MSN Premium: Protección para tus hijos en internet.
    Descárgalo y pruébalo 2 meses gratis.
    http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_proteccioninfantil


  • Next message: Slider Slider: "Creating a Custom Trojan after Social Engineering"

    Relevant Pages

    • basic sendmail problem
      ... The router sends all port 25 stuff to my server, ... the LAN. ... followed by 550 5.1.1 "user unknown". ... Last time I tried this Sendmail worked "out of the box," so I have no idea how ...
      (freebsd-questions)
    • Re: Mail relay issue
      ... the 8.12 patch, but the 8.11 patch is completely untested. ... >> A) Microsoft Exchange SMTP server ... >> Server "A" appends a default domain, if one is not given on the RCPT TO ... >> Now, server B (sendmail), apparently understands this sintax ...
      (Vuln-Dev)
    • Re: Discovering users by RCPT TO
      ... > I'm currently over a pen-test and I have found that their SMTP Server ... > (SendMail) does not have VRFY or EXPN methods available, ... > using RCPT TO: ... All mails are send from fake addresses, so after 2-3 waves of such ...
      (Pen-Test)
    • Re: sendmail under attack
      ... User unknown ... You and everyone else in the world running a mail server. ... harvesting exercise by a spammer or something more untoward? ... not to be servicing this amount of sendmail requests, ...
      (comp.mail.sendmail)
    • Re: Forwarding mail instead of attempting delivery to non-existent, local users.
      ... sendmail tries to deliver these messages ... to itself since it thinks it's the responsible mail server. ... local email domains "manually". ... test@xxxxxxxxxxxxxx User unknown ...
      (comp.mail.sendmail)