berhard
20.05.04, 11:50
Hello,
A test with relay-test.mail-abuse.org showed me that I have an open relay, but unfortunately I can't find it. How can I find it and close it?
I have SuSE 8.1, qmail, vpopmail, SMTP-AUTH
The qmail log files tell me nothing; everything is okay there.
root:/ # telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to relay-test.mail-abuse.org.
Escape character is '^]'.
Connecting to 182.155.33.215 ...
<<< 220 root.meinserver.de ESMTP
>>> HELO cygnus.mail-abuse.org
<<< 250 root.meinserver.de
:Relay test: #Quote test
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 1
>>> mail from: <nobody@mail-abuse.org>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 2
>>> mail from: <spamtest@maps1.pa.vix.com>
<<< 553 sorry, your envelope sender domain must exist (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #test 3
>>> mail from: <spamtest@localhost>
<<< 553 sorry, your envelope sender domain must exist (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 4
>>> mail from: <spamtest>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 5
>>> mail from: <>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 6
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 7
>>> mail from: <spamtest@[182.155.33.215]>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 8
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <nobody%mail-abuse.org@meinedomain.de>
<<< 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
>>> rset
<<< 250 flushed
:Relay test: #Test 9
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <nobody%mail-abuse.org@[182.155.33.215]>
<<< 250 ok
>>> QUIT
<<< 221 root.meinserver.de
Tested host banner: 220 root.meinserver.de ESMTP
System appeared to accept 1 relay attempts
Connection closed by foreign host.
root:/ # netstat -tupan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 355/perl
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 610/couriertcpd
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 10444/tcpserver
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 10442/tcpserver
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 596/couriertcpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 567/httpd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 362/perl
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 433/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 353/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 10440/tcpserver
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 567/httpd
tcp 0 240 182.155.33.215:22 82.83.137.200:2176 ESTABLISHED 29815/sshd
tcp 0 0 182.155.33.215:22 82.83.137.200:2243 ESTABLISHED 30831/sshd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 362/perl
udp 0 0 0.0.0.0:20000 0.0.0.0:* 355/perl
udp 63936 0 0.0.0.0:68 0.0.0.0:* 303/dhcpcd
udp 0 0 182.155.33.215:123 0.0.0.0:* 505/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 505/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 505/ntpd
root:/ # lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhcpcd 303 root 4u IPv4 533 UDP *:bootpc
sshd 353 root 3u IPv4 1189 TCP *:ssh (LISTEN)
miniserv. 355 root 3u IPv4 1193 TCP *:dnp (LISTEN)
miniserv. 355 root 4u IPv4 1194 UDP *:dnp
miniserv. 362 root 4u IPv4 1206 TCP *:ndmp (LISTEN)
miniserv. 362 root 5u IPv4 1207 UDP *:ndmp
xinetd 433 root 5u IPv4 116100 TCP *:ftp (LISTEN)
ntpd 505 ntp 4u IPv4 2013 UDP *:ntp
ntpd 505 ntp 5u IPv4 2014 UDP 127.0.0.1:ntp
ntpd 505 ntp 6u IPv4 2015 UDP 182.155.33.215:ntp
httpd 567 root 52u IPv4 3410 TCP *:https (LISTEN)
httpd 567 root 53u IPv4 3411 TCP *:http (LISTEN)
couriertc 596 root 5u IPv4 3442 TCP *:imap (LISTEN)
couriertc 610 root 5u IPv4 3465 TCP *:imaps (LISTEN)
httpd 8594 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8594 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8595 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8595 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8596 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8596 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8597 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8597 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8598 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8598 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8603 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8603 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8611 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8611 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8612 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8612 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8619 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8619 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
httpd 8620 wwwrun 52u IPv4 3410 TCP *:https (LISTEN)
httpd 8620 wwwrun 53u IPv4 3411 TCP *:http (LISTEN)
tcpserver 10440 vpopmail 3u IPv4 108334 TCP *:smtp (LISTEN)
tcpserver 10442 vpopmail 3u IPv4 108336 TCP *:pop3 (LISTEN)
tcpserver 10444 vpopmail 3u IPv4 108326 TCP *:pop3s (LISTEN)
sshd 29815 root 4u IPv4 194608 TCP 182.155.33.215:ssh 82.83.137.200:2176 (ESTABLISHED)
sshd 30831 root 4u IPv4 197305 TCP 182.155.33.215:ssh 82.83.137.200:magicom (ESTABLISHED)
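Added example, not part of the original post: a small Python parser for the tester transcript format shown above that reports which RCPT TO was answered with a 2xx code and which address form that recipient used. The function names, the form labels and the abridged sample are constructed for illustration.

```python
import re

# Constructed sample: three test cases abridged from the transcript format above.
SAMPLE = """\
:Relay test: #Test 6
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
:Relay test: #Test 8
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <nobody%mail-abuse.org@meinedomain.de>
<<< 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
:Relay test: #Test 9
>>> mail from: <spamtest@meinedomain.de>
<<< 250 ok
>>> rcpt to: <nobody%mail-abuse.org@[182.155.33.215]>
<<< 250 ok
"""

def classify(rcpt):
    """Label the recipient address form (labels are this example's own)."""
    local, _, domain = rcpt.rpartition("@")
    forms = [name for name, hit in (
        ("quoted", rcpt.startswith('"')),
        ("percent-hack", "%" in local),
        ("bang-path", "!" in local),
        ("address-literal", domain.startswith("[") and domain.endswith("]")),
    ) if hit]
    return forms or ["plain"]

def accepted_rcpts(transcript):
    """Return (test name, recipient, forms) for every RCPT TO answered with 2xx."""
    hits, test, pending = [], None, None
    for line in transcript.splitlines():
        line = line.strip()
        if m := re.match(r":Relay test:\s*#(.+)", line):
            test, pending = m.group(1).strip(), None
        elif m := re.match(r">>>\s*rcpt to:\s*<(.*)>\s*$", line, re.I):
            pending = m.group(1)
        elif line.startswith(">>>"):
            pending = None  # MAIL FROM, RSET, QUIT: the next reply is not for a RCPT
        elif (m := re.match(r"<<<\s*(\d{3})", line)) and pending is not None:
            # 2xx means the envelope recipient was accepted; the tester counts this
            if m.group(1)[0] == "2":
                hits.append((test, pending, classify(pending)))
            pending = None
    return hits
```

Run over the full transcript, `accepted_rcpts` returns only the Test 9 recipient, the one addressed to the server's own IP in square brackets with a `%` in the local part.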