Re: Last call for smtp-open-relay.nse - help needed

[Duarte Silva <duartejcsilva () gmail com>]

> Okay, this is a good idea. It's not a problem if it's not supported on
> lots of servers, especially if the script can realize it quickly and not
> continue. What server are you testing the script against?

I was testing against my ISP server and the one under the
bamsoftware.com domain (sorry 'bout that :P). The script will stop
querying the SMTP server if authentication is enforced, or if the
commands used aren't implemented (VRFY and EXPN).

On Mon, Mar 1, 2010 at 11:43 PM, David Fifield <david () bamsoftware com> wrote:
> On Sat, Feb 27, 2010 at 06:37:46PM +0000, Duarte Silva wrote:
> > I made the changes necessary in order to make it clearer. Now the
> > script will handle TIMEOUT, EOF, and ERROR conditions from
> > receive_lines function and return the message accordingly. Tested
> > against the same SMTP server and it outputted the following.
> >
> > > 25/tcp open  smtp    syn-ack Exim smtpd 4.69
> > > | smtp-open-relay:
> > > |_  ERROR: Failed to issue RSET command (connection closed)
> >
> > There are some other changes:
> > + More information in the script description
> > * If some combinations were already found before an error, the script
> > will report them
>
> Thanks, these are committed now.
>
> > I also developed a new script that will try to enumerate the users in
> > a SMTP server using the VRFY or the EXPN command (using the
> > usernames.lst). If this is found to be useful since it seem that there
> > aren't many servers that allow those commands.
>
> Okay, this is a good idea. It's not a problem if it's not supported on
> lots of servers, especially if the script can realize it quickly and not
> continue. What server are you testing the script against?
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/