Nmap Development mailing list archives
Re: issue with script header in SMTP_openrelay_test.nse
From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Wed, 23 May 2007 16:02:00 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Fyodor wrote:
Yes, James and I did use your open proxy script during our Nmap classes before CanSecWest.
Cool :P
Do you think you could check what other scanners such as Nessus or special purpose SMTP relay checkers do?
I've based the OpenRelay NSE script on http://www.abuse.net/relay.html and they use "abuse.net" as domain, which is a valid domain-name. We have two kinds of tests: (1) for smtp servers that check the domain for certain validity parameters (2) for smtp servers that don't care about helo/from, and just allow to relay mail We should decide what test we want. I do usually prefer to test sending email FROM a valid domain / mail address, but that depends on what the pen-tester wishes to know/accomplish.
While it is great to provide the option, I'm afraid we can't count on most users configuring any of this themselves.
So, if user provides a valid return-address, the script could go the test #1 route. Otherwise, the script could just use test number (2). - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599 Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGVI+oAlpOsGhXcE0RCrzNAJ4icXzCAey2STRshN7zmoih6710MACfefPj AWLgFjoc/jrDGRlLj6aJEa8= =HRe6 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- issue with script header in SMTP_openrelay_test.nse DePriest, Jason R. (May 16)
- Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 16)
- Re: issue with script header in SMTP_openrelay_test.nse Fyodor (May 16)
- Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 17)
- Re: issue with script header in SMTP_openrelay_test.nse Fyodor (May 22)
- Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 23)
- Re: issue with script header in SMTP_openrelay_test.nse Fyodor (May 16)
- Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 16)