ietf-smtp

Re: Open relay test (was: Bounce/System Notification Address Verification)

2005-07-01 02:00:40


From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>

> Hector Santos wrote:
>
>> I did learn one new trick that I think I will implement and
>> explore - flip it around, test the random address first.
>> If accept, it is operating in an open relay behavior.
>
> It could be also a "teergrube" accepting one character per
> second after DATA (with a 5xx after the data).  You're not
> testing a dummy (empty) DATA, or are you ?  I report this
> crap as spam.

Interesting.

No. The CBV does not reach the DATA. You don't want to send a message.
Besides, if you were able to get to this point, you already got the result -
a PASS for the return path.

But from a host standpoint, even YAHOO.COM abandoned the DATA level user
validation for a RCPT TO user validation.

Here's a 12/2003 field testing log:

220 YSmtp mta224.mail.scd.yahoo.com ESMTP service ready
HELO mail.winserver.com
250 mta224.mail.scd.yahoo.com
mail from: <hecor(_at_)winserver(_dot_)com>
250 sender <hecor(_at_)winserver(_dot_)com> ok
RCPT TO: <adenabloss(_at_)yahoo(_dot_)ca>
250 recipient <adenabloss(_at_)yahoo(_dot_)ca> ok
RCPT TO: <adenabloss(_at_)yahoo(_dot_)ca>
250 recipient <adenabloss(_at_)yahoo(_dot_)ca> ok
data
354 go ahead
test
.
554 delivery error: dd This user doesn't have a yahoo.ca account
     (adenabloss(_at_)yahoo(_dot_)ca) [0] - mta224.mail.scd.yahoo.com
quit
221 mta224.mail.scd.yahoo.com
Connection to host lost.

Here is a WCSAP captured log back in Jan/2005:

# connecting to 67.28.114.36
S: 220 YSmtp mta189.mail.dcn.yahoo.com ESMTP service ready
C: NOOP WCSAP v2.01 Wildcat! Sender Authentication
                Protocol http://www.santronics.com
S: 250 OK
C: HELO mail.winserver.com
S: 250 mta189.mail.dcn.yahoo.com
C: MAIL FROM: <>
S: 250 null sender <> ok
C: RCPT TO: <good user hidden(_at_)yahoo(_dot_)com>
S: 250 recipient <good user hidden(_at_)yahoo(_dot_)com> ok
C: RCPT TO: <wcsap-openrelay-test-123sxa23(_at_)alqwejad(_dot_)com>
S: 452 Too many recipients
C: QUIT

I have all the logs to find out exactly when they switched if I have to go
there. Definitely shortly after 12/2003. :-)

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
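
Added example, not part of the original message and not WCSAP code: a transcript check for the two behaviours shown in the logs above, pairing each RCPT TO with its final reply code to report whether the return path was accepted, whether the random probe address was also accepted (in which case a 250 for the real address proves nothing), and whether the session reached DATA. The function name, the result fields, the probe domain and both sample transcripts are constructed for illustration, and treating a 4xx reply as inconclusive is an assumption.

```python
import re

# Constructed transcripts in the C:/S: style of the WCSAP log above; all hosts
# and addresses are placeholders on reserved domains.
ACCEPT_ALL = """\
S: 220 mx.example.net ESMTP
C: MAIL FROM: <>
S: 250 ok
C: RCPT TO: <probe-7f3a@random.invalid>
S: 250-recipient
S: 250 ok
C: RCPT TO: <user@example.net>
S: 250 ok
C: QUIT"""
RCPT_LIMITED = """\
S: 220 mx.example.net ESMTP
C: MAIL FROM: <>
S: 250 ok
C: RCPT TO: <user@example.net>
S: 250 ok
C: RCPT TO: <probe-7f3a@random.invalid>
S: 452 Too many recipients
C: QUIT"""

def classify_cbv(transcript, probe_domain):
    """Pair each RCPT TO with its final reply code and summarise the session."""
    replies, pending, reached_data = [], None, False
    for line in (l.strip() for l in transcript.splitlines()):
        if line.startswith("C:"):
            cmd = line[2:].strip()
            m = re.match(r"RCPT TO:\s*<([^>]*)>", cmd, re.I)
            pending = m.group(1).lower() if m else None
            reached_data = reached_data or cmd.upper() == "DATA"
        elif line.startswith("S:") and pending is not None:
            m = re.match(r"(\d{3})(-?)", line[2:].strip())
            if m and not m.group(2):          # skip "250-" continuation lines
                replies.append((pending, int(m.group(1))))
                pending = None

    def accepted(is_probe):
        codes = [c for a, c in replies if a.endswith("@" + probe_domain) == is_probe]
        # 2xx = accepted, 5xx = rejected, 4xx or no reply = inconclusive (None)
        return {2: True, 5: False}.get(codes[-1] // 100) if codes else None

    return {"return_path": accepted(False),
            "accepts_random": accepted(True),   # True: a 250 for the real address proves nothing
            "reached_data": reached_data}       # should stay False for a CBV
```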





