Nmap Development mailing list archives

Re: Last call for smtp-open-relay.nse - help needed


From: David Fifield <david () bamsoftware com>
Date: Wed, 17 Feb 2010 09:05:57 -0700

On Mon, Feb 01, 2010 at 10:23:54AM +0000, Duarte Silva wrote:
It needs to be added to the "external" category since it still uses an
Nmap domain by default.

At first I was going to suggest that we change "nmap.scanme.org" into
the usual "scanme.nmap.org".  But I've decided that the former is
better for this particular purpose (less likely to get nmap.org added
to SMTP blocklists), so I've added the corresponding DNS name.

I only did a very cursory review of the patch.  But I'm OK with it
going in if it satisfies David (or can be made to do so).

Made a new patch based on the latest nmap revision. Added the external
category as you wrote.
Patch and script in the attachments.

Okay, here are a few things.

-- @args domain Define the domain to be used in the anti-spam tests (default is nmap.scanme.org)
-- @args ip Use this to change the IP address to be used (default is the target IP address)

The script argument names are too generic. We're kind of moving towards
a common naming convention for these, which would give them the names
smtp-open-relay.domain and smtp-open-relay.ip. Those names are kind of
ugly, but I figure anyone running the script is either going to be happy
with the defaults, or will have already looked into the script
documentation for how to change them and won't mind the names.

I got this error trying to run against Exim (with --packet-trace on):

NSE: TCP 192.168.0.21:54883 > 69.164.193.231:25 | 00000000: 4d 41 49 4c 20 46 52 4f 4d 3a 3c 61 6e 74 69 73 MAIL FROM:<antis
00000010: 70 61 6d 40 5b 36 39 2e 31 36 34 2e 31 39 33 2e pam@[69.164.193.
00000020: 32 33 31 5d 3e 0d 0a                            231]>

NSE: TCP 192.168.0.21:54883 < 69.164.193.231:25 | 501-<antispam@[69.164.193.231]>: domain literals not allowed
501 Too many syntax or protocol errors

NSE: TCP 192.168.0.21:54883 > 69.164.193.231:25 | 00000000: 52 53 45 54 0d 0a                               RSET

NSE: TCP 192.168.0.21:54883 > 69.164.193.231:25 | CLOSE
NSE: smtp-open-relay against 69.164.193.231:25 threw an error!
EOF
stack traceback:
        [C]: in function 'try'
        ./scripts/smtp-open-relay.nse:67: in function 'dorequest'
        ./scripts/smtp-open-relay.nse:148: in function 'go'
        ./scripts/smtp-open-relay.nse:206: in function <./scripts/smtp-open-relay.nse:205>
        (tail call): ?

If you change the script args, and add handling for a broken connection,
this can go in.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
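The failure David reports is an uncaught EOF: the script wraps its socket calls in `nmap.new_try()`, so when Exim answers "501 Too many syntax or protocol errors" and hangs up, the next `try` throws and the whole script aborts instead of reporting what happened. The following is an added illustration of the two changes requested in the review (prefixed script arguments and a request helper that returns an error instead of throwing); it is not the patch under discussion nor the code of the real smtp-open-relay.nse. It uses the NSE calls `stdnse.get_script_args`, `nmap.new_socket`, `socket:send` and `socket:receive_lines` as they exist in current Nmap; the helper names `get_args`, `dorequest`, `reply_code` and `probe_sender` are illustrative.

```lua
-- Added example, not the script or patch from the thread.
local nmap = require "nmap"
local stdnse = require "stdnse"

-- Script arguments under the per-script prefix suggested in the review.
-- Defaults mirror the @args lines quoted above.
local function get_args(host)
  local domain = stdnse.get_script_args("smtp-open-relay.domain") or "nmap.scanme.org"
  local ip = stdnse.get_script_args("smtp-open-relay.ip") or host.ip
  return domain, ip
end

-- Send one SMTP command (or just read, when cmd is nil, e.g. for the
-- greeting) and collect the full reply. Returns the reply text on success,
-- or nil plus an error string if the socket fails. Unlike nmap.new_try(),
-- this never throws, so a server that closes the connection yields an
-- "EOF" error value the caller can act on.
local function dorequest(socket, cmd)
  if cmd then
    local status, err = socket:send(cmd .. "\r\n")
    if not status then
      return nil, "send failed: " .. tostring(err)
    end
  end
  local reply = ""
  repeat
    local ok, data = socket:receive_lines(1)
    if not ok then
      -- This is where the EOF from the Exim trace would land.
      return nil, "receive failed: " .. tostring(data)
    end
    reply = reply .. data
  -- Multi-line replies use "NNN-" continuation lines; the final line is
  -- "NNN " (three digits followed by a space).
  until reply:match("^%d%d%d ") or reply:match("\n%d%d%d ")
  return reply
end

-- Three-digit reply code of a reply returned by dorequest.
local function reply_code(reply)
  return tonumber(reply:match("%d%d%d"))
end

-- Caller sketch: every failure path closes the socket and returns a
-- message instead of letting the error escape the script.
local function probe_sender(host, port)
  local domain, ip = get_args(host)
  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local ok, err = socket:connect(host, port)
  if not ok then return nil, "connect failed: " .. tostring(err) end

  local reply
  reply, err = dorequest(socket, nil)                 -- 220 greeting
  if not reply then socket:close(); return nil, err end
  reply, err = dorequest(socket, "HELO " .. domain)
  if not reply then socket:close(); return nil, err end

  reply, err = dorequest(socket, ("MAIL FROM:<antispam@[%s]>"):format(ip))
  if not reply then
    socket:close()
    return nil, "connection dropped during MAIL FROM: " .. err
  end
  if reply_code(reply) ~= 250 then
    -- Exim's "501 domain literals not allowed" ends up here: record the
    -- rejection rather than continuing as if the sender were accepted.
    dorequest(socket, "RSET")
    dorequest(socket, "QUIT")
    socket:close()
    return nil, "sender rejected: " .. reply
  end
  dorequest(socket, "QUIT")
  socket:close()
  return reply
end

return { get_args = get_args, dorequest = dorequest, probe_sender = probe_sender }
```

Two points of design worth noting: `dorequest` reads until the reply's final "NNN " line, so a two-line 501 like the one in the trace is returned whole rather than leaving the second line to confuse the next request; and because the helper returns `nil, err` rather than throwing, the caller decides whether a dropped connection is a script result ("server closed the connection") or just the end of that one test.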
