Re: Discovering users by RCPT TO

From: Kiril Todorov (voland_at_shadowblade.net)
Date: 01/13/05

  • Next message: Todd Towles: "RE: Sample Risk Assessment Report"
    To: pen-test@securityfocus.com
    Date: Thu, 13 Jan 2005 14:04:57 +0200
    
    

    Andres Molinetti wrote:
    > I'm currently over a pen-test and I have found that their SMTP Server
    > (SendMail) does not have VRFY or EXPN methods available, which was the
    > most probably thing to happen taking into account the server has been
    > through some hardening before.
    >
    > Testing for Open Relay, I realized that the server answers different to
    > existing users and non-existing users, when trying to deliver mails
    > using RCPT TO:
    >
    > E.g:
    >
    > rcpt to: asdfasdf@domain
    > 550 5.1.1 asdfasdf@domain... User unknown
    > rcpt to: bin@domain
    > 250 2.1.5 bin@domain... Recipient ok
    > rcpt to: nobody@domain
    > 250 2.1.5 nobody@domain... Recipient ok
    > rcpt to: oper@domain
    > 550 5.1.1 oper@domain... User unknown
    > rcpt to: root@domain
    > 250 2.1.5 root@domain... Recipient ok
    >
    > Is this ok or is it information disclousure? Is there any way to fix it?
    > It is Sendmail...
    >
    > Thanks in advance,
    >
    > Andres Molinetti
    > CISSP

    That's a common practice.
    The main reason is the tons of windows zombie machines, used for
    spamming at random names @ domain name.
    All mails are send from fake addresses, so after 2-3 waves of such
    spamming the mail server's queue gets approximately 30-40K mails.
    The server is busy sending out bounces to nonexistant addresses.. well
    you get the picture.


  • Next message: Todd Towles: "RE: Sample Risk Assessment Report"

    Relevant Pages

    • Server Error: 550, Error Number: 0x8000CCC79
      ... I am installing Oracle Email Server (OES) on RHEL AS 2.1. ... top of sendmail. ... I am able to send and receive mails with this change. ...
      (RedHat)
    • Re: Mail relay issue
      ... the 8.12 patch, but the 8.11 patch is completely untested. ... >> A) Microsoft Exchange SMTP server ... >> Server "A" appends a default domain, if one is not given on the RCPT TO ... >> Now, server B (sendmail), apparently understands this sintax ...
      (Vuln-Dev)
    • Re: Force enabling TLS
      ... sending emails without encryption. ... your sendmail server, but they know nothing about about the other hops ... talking to your sendmail. ... Then all the mails send by the users from testext.com to testint is ...
      (comp.mail.sendmail)
    • can sendmail be configured this way??
      ... 2)Sendmail configured as a relay to Exchange server ... Modem configured, dialup working and pop3/smtp ... want to automate dialup when mails are generated to ...
      (SunManagers)
    • Re: sendmail mails without running any mailserver on fc5
      ... It is possible to run sendmail without making it available to other ... but assuming you have a good reason for not ... I am running a production server on FC5 64-bit and due to security reasons I ... ex daily log reports, tripwire mails etc.. ...
      (Fedora)