Nmap Development mailing list archives

Re: Comments on smtp-open-relay and smtp-enum-users


From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Mar 2010 17:29:50 -0600

On Sun, Mar 14, 2010 at 11:15:33AM +0000, Duarte Silva wrote:
> > smtp-open-relay.nse looks like it's working as well, but I don't
> > think the output is clear enough. It'd be nice to get a boolean
> > message, saying "this server IS an open relay" or "x out of 5 tests
> > passed, this server is likely [not] an open relay". That'd be
> > helpful to me.
>
> The changes have been made to smtp-open-relay.nse. It is also now
> possible to specify which addresses to use in the tests. The defaults
> are antispam and relaytest respectively.

Those changes look fine. I think it's a mistake, though, to remove the
list of successful tests from the output. The output of the script was

| smtp-open-relay:
|   MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<"relaytest@nmap.scanme.org">
|   MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<"relaytest%nmap.scanme.org">
|_  MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<nmap.scanme.org!relaytest>

With the patch it will be

| smtp-open-relay:
|_  Server seems to be an open relay, 3 successful test(s)

May I suggest this?

| smtp-open-relay: Server is an open relay (3/16 tests)
|   MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<"relaytest@nmap.scanme.org">
|   MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<"relaytest%nmap.scanme.org">
|_  MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<nmap.scanme.org!relaytest>

Putting the binary message on the same line as "smtp-open-relay" makes
it easy to grep for.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
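
The layout suggested in the message above puts the verdict on the script-ID line and the successful tests beneath it, so a scan log can be triaged in one pass and the details pulled per host in a second. The following is an added example, not part of the original post or of Nmap; it assumes normal-format Nmap output in that suggested layout, and the host names, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of normal-format Nmap output in the suggested layout.
# Host names and addresses are made up for the example.
sample_scan() {
cat <<'EOF'
Nmap scan report for mail1.example.test (192.0.2.10)
PORT   STATE SERVICE
25/tcp open  smtp
| smtp-open-relay: Server is an open relay (3/16 tests)
|   MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<"relaytest@nmap.scanme.org">
|   MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<"relaytest%nmap.scanme.org">
|_  MAIL FROM:<antispam@[10.0.1.2]> -> RCPT TO:<nmap.scanme.org!relaytest>

Nmap scan report for mail2.example.test (192.0.2.11)
PORT   STATE SERVICE
25/tcp open  smtp
EOF
}

# Triage pass: one line per host whose verdict line reports an open relay,
# as "host<TAB>passed/total". Only the script-ID line is inspected.
open_relays() {
  awk '
    /^Nmap scan report for / { host = $5 }
    /^[|][ _]*smtp-open-relay: Server is an open relay/ {
      if (match($0, /[0-9]+\/[0-9]+ tests/)) {
        split(substr($0, RSTART, RLENGTH), part, " ")
        print host "\t" part[1]
      }
    }'
}

# Detail pass: the MAIL FROM / RCPT TO combinations listed under the verdict
# line for one host ($1), e.g. to record which address forms the relay accepts.
relay_tests() {
  awk -v want="$1" '
    /^Nmap scan report for / { host = $5; inblk = 0; next }
    /^[|][ _]*smtp-open-relay:/ { inblk = (host == want); next }
    inblk && /^[|][ _] +MAIL FROM:/ { sub(/^[|][ _] +/, ""); print; next }
    { inblk = 0 }'
}

sample_scan | open_relays
sample_scan | relay_tests mail1.example.test
```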

