Re: Discovering users by RCPT TO

• Previous message: Mambo: "Sample Risk Assessment Report"
• In reply to: Andres Molinetti: "Discovering users by RCPT TO"
• Next in thread: Chris Buechler: "Re: Discovering users by RCPT TO"
• Reply: Chris Buechler: "Re: Discovering users by RCPT TO"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pen-test@securityfocus.com
Date: Thu, 13 Jan 2005 14:04:57 +0200

Andres Molinetti wrote:
> I'm currently over a pen-test and I have found that their SMTP Server
> (SendMail) does not have VRFY or EXPN methods available, which was the
> most probably thing to happen taking into account the server has been
> through some hardening before.
>
> Testing for Open Relay, I realized that the server answers different to
> existing users and non-existing users, when trying to deliver mails
> using RCPT TO:
>
> E.g:
>
> rcpt to: asdfasdf@domain
> 550 5.1.1 asdfasdf@domain... User unknown
> rcpt to: bin@domain
> 250 2.1.5 bin@domain... Recipient ok
> rcpt to: nobody@domain
> 250 2.1.5 nobody@domain... Recipient ok
> rcpt to: oper@domain
> 550 5.1.1 oper@domain... User unknown
> rcpt to: root@domain
> 250 2.1.5 root@domain... Recipient ok
>
> Is this ok or is it information disclousure? Is there any way to fix it?
> It is Sendmail...
>
> Thanks in advance,
>
> Andres Molinetti
> CISSP

That's a common practice.
The main reason is the tons of windows zombie machines, used for
spamming at random names @ domain name.
All mails are send from fake addresses, so after 2-3 waves of such
spamming the mail server's queue gets approximately 30-40K mails.
The server is busy sending out bounces to nonexistant addresses.. well
you get the picture.

• Previous message: Mambo: "Sample Risk Assessment Report"
• In reply to: Andres Molinetti: "Discovering users by RCPT TO"
• Next in thread: Chris Buechler: "Re: Discovering users by RCPT TO"
• Reply: Chris Buechler: "Re: Discovering users by RCPT TO"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Server Error: 550, Error Number: 0x8000CCC79 ... I am installing Oracle Email Server (OES) on RHEL AS 2.1. ... top of sendmail. ... I am able to send and receive mails with this change. ... (RedHat) Re: Mail relay issue ... the 8.12 patch, but the 8.11 patch is completely untested. ... >> A) Microsoft Exchange SMTP server ... >> Server "A" appends a default domain, if one is not given on the RCPT TO ... >> Now, server B (sendmail), apparently understands this sintax ... (Vuln-Dev) Re: Force enabling TLS ... sending emails without encryption. ... your sendmail server, but they know nothing about about the other hops ... talking to your sendmail. ... Then all the mails send by the users from testext.com to testint is ... (comp.mail.sendmail) can sendmail be configured this way?? ... 2)Sendmail configured as a relay to Exchange server ... Modem configured, dialup working and pop3/smtp ... want to automate dialup when mails are generated to ... (SunManagers) Re: sendmail mails without running any mailserver on fc5 ... It is possible to run sendmail without making it available to other ... but assuming you have a good reason for not ... I am running a production server on FC5 64-bit and due to security reasons I ... ex daily log reports, tripwire mails etc.. ... (Fedora)