Mailing List Archive

sendmail_expn Patch
Hi,

Some hosts respond with a "250 User ok" for any given user, this patch will
try and detect it.

Index: sendmail_expn.nasl
===================================================================
RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
retrieving revision 1.21
diff -r1.21 sendmail_expn.nasl
115d114
<
117,118c116,120
<
< if(ereg(string:r, pattern:"^(250|550).*$"))
---
> s = string("EXPN random_user", rand(), "\r\n");
> send(socket:soc, data:s);
> r2 = recv(socket:soc, length:1024);
>
> if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
pattern:"^(250|550).*$")))
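Review bot: In the new EXPN condition the control reply r2 is tested against the same pattern as r, "^(250|550).*$", so a host that answers the random user with 550 makes !(ereg(string:r2, ...)) false and the report is skipped. The message above the patch says the case to exclude is a host that answers 250 for any user, so the negated test should match r2 against "^250" only. The VRFY hunk further down has the same condition.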
132c134,139
< if(ereg(string:r, pattern:"^(250|550).*$"))
---
>
> s = string("VRFY random_user", rand(), "\r\n");
> send(socket:soc, data:s);
> r2 = recv_line(socket:soc, length:1024);
>
> if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
pattern:"^(250|550).*$")))
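Review bot: The VRFY control reply is read with recv_line(socket:soc, length:1024) while the EXPN hunk reads its control reply with recv(socket:soc, length:1024); pick one for both, matching however r is read in the unchanged code, which the diff does not show. r2 is also used without checking that anything was received: an empty r2 does not match the pattern, so the negated test passes and a slow or disconnected accept-all host is reported exactly as before the patch. A one-line comment above the random_user probe saying it is a control request would help the next reader.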
139a147
>
Thanks
Noam Rathaus
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
Re: sendmail_expn Patch
> Hi,
>
> Some hosts respond with a "250 User ok" for any given user, this patch will
> try and detect it.

also, 'intermail' responds with a 502
(actually, any 5xx command should be used to know that the command is
disabled)


220 mail.bellsouth.net ESMTP server (InterMail vM.5.01.04.05
201-253-122-122-105-20011231) ready Sun, 3 Feb 2002 18:59:38 -0500
helo f
250 imf04bis.bellsouth.net
expn ljlkj
502 Command is locally disabled

>
> Index: sendmail_expn.nasl
> ===================================================================
> RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
> retrieving revision 1.21
> diff -r1.21 sendmail_expn.nasl
> 115d114
> <
> 117,118c116,120
> <
> < if(ereg(string:r, pattern:"^(250|550).*$"))
> ---
> > s = string("EXPN random_user", rand(), "\r\n");
> > send(socket:soc, data:s);
> > r2 = recv(socket:soc, length:1024);
> >
> > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> pattern:"^(250|550).*$")))
> 132c134,139
> < if(ereg(string:r, pattern:"^(250|550).*$"))
> ---
> >
> > s = string("VRFY random_user", rand(), "\r\n");
> > send(socket:soc, data:s);
> > r2 = recv_line(socket:soc, length:1024);
> >
> > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> pattern:"^(250|550).*$")))
> 139a147
> >
>
> Thanks
> Noam Rathaus
> http://www.BeyondSecurity.com
> http://www.SecuriTeam.com
>
>

--
Michael Scheidell
Secnap Network Security, LLC
(561) 368-9561 scheidell@secnap.net
Sign up Live WEBCAST Q & A : Should I migrate from IIS? http://www.secnap.net/
Re: sendmail_expn Patch
I also find a sendmail host that replies 502 and not 550:
220 cob342.netlimited.net ESMTP Sendmail 8.10.2/8.10.2; Sat, 9 Feb 2002
03:59:12 -0800
250 cob342.netlimited.net Hello mail.fdma.com [216.241.67.73], pleased to
meet you
502 5.7.0 Sorry, we do not allow this operation
quit

maybe this patch should reflect the beginning '5' and not look for 550?
maybe 550 and 502?

Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell@secnap.net
http://www.secnap.net
----- Original Message -----
From: "Noam Rathaus" <noamr@beyondsecurity.com>
To: "Nessus Plugins Writers" <plugins-writers@list.nessus.org>
Sent: Sunday, February 03, 2002 5:07 PM
Subject: sendmail_expn Patch


> Hi,
>
> Some hosts respond with a "250 User ok" for any given user, this patch will
> try and detect it.
>
> Index: sendmail_expn.nasl
> ===================================================================
> RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
> retrieving revision 1.21
> diff -r1.21 sendmail_expn.nasl
> 115d114
> <
> 117,118c116,120
> <
> < if(ereg(string:r, pattern:"^(250|550).*$"))
> ---
> > s = string("EXPN random_user", rand(), "\r\n");
> > send(socket:soc, data:s);
> > r2 = recv(socket:soc, length:1024);
> >
> > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> pattern:"^(250|550).*$")))
> 132c134,139
> < if(ereg(string:r, pattern:"^(250|550).*$"))
> ---
> >
> > s = string("VRFY random_user", rand(), "\r\n");
> > send(socket:soc, data:s);
> > r2 = recv_line(socket:soc, length:1024);
> >
> > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> pattern:"^(250|550).*$")))
> 139a147
> >
>
> Thanks
> Noam Rathaus
> http://www.BeyondSecurity.com
> http://www.SecuriTeam.com
>
>
Re: sendmail_expn Patch
Hi,

Yes this would be a better patch, Renaud can you please patch the
appropriate file for us? (Replace the "550" with "502"|"550")

Thanks
Noam Rathaus
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

----- Original Message -----
From: "Michael Scheidell" <scheidell@secnap.net>
To: "Noam Rathaus" <noamr@beyondsecurity.com>; "Nessus Plugins Writers"
<plugins-writers@list.nessus.org>
Sent: Saturday, February 09, 2002 15:43
Subject: Re: sendmail_expn Patch


> I also find a sendmail host that replies 502 and not 550:
> 220 cob342.netlimited.net ESMTP Sendmail 8.10.2/8.10.2; Sat, 9 Feb 2002
> 03:59:12 -0800
> 250 cob342.netlimited.net Hello mail.fdma.com [216.241.67.73], pleased to
> meet you
> 502 5.7.0 Sorry, we do not allow this operation
> quit
>
> maybe this patch should reflect the beginning '5' and not look for 550?
> maybe 550 and 502?
>
> Michael Scheidell
> SECNAP Network Security, LLC
> (561) 368-9561 scheidell@secnap.net
> http://www.secnap.net
> ----- Original Message -----
> From: "Noam Rathaus" <noamr@beyondsecurity.com>
> To: "Nessus Plugins Writers" <plugins-writers@list.nessus.org>
> Sent: Sunday, February 03, 2002 5:07 PM
> Subject: sendmail_expn Patch
>
>
> > Hi,
> >
> > Some hosts respond with a "250 User ok" for any given user, this patch will
> > try and detect it.
> >
> > Index: sendmail_expn.nasl
> > ===================================================================
> > RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
> > retrieving revision 1.21
> > diff -r1.21 sendmail_expn.nasl
> > 115d114
> > <
> > 117,118c116,120
> > <
> > < if(ereg(string:r, pattern:"^(250|550).*$"))
> > ---
> > > s = string("EXPN random_user", rand(), "\r\n");
> > > send(socket:soc, data:s);
> > > r2 = recv(socket:soc, length:1024);
> > >
> > > if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> > pattern:"^(250|550).*$")))
> > 132c134,139
> > < if(ereg(string:r, pattern:"^(250|550).*$"))
> > ---
> > >
> > > s = string("VRFY random_user", rand(), "\r\n");
> > > send(socket:soc, data:s);
> > > r2 = recv_line(socket:soc, length:1024);
> > >
> > > if((ereg(string:r, pattern:"^(250|550).*$")) &&
!(ereg(string:r2,
> > pattern:"^(250|550).*$")))
> > 139a147
> > >
> >
> > Thanks
> > Noam Rathaus
> > http://www.BeyondSecurity.com
> > http://www.SecuriTeam.com
> >
> >
>
>
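
The reply handling discussed in this thread (a control request for a random user, and 502 as a refusal) written out over canned replies, as an added example that is not part of the thread or of the Nessus plugin. The function names, the verdict labels and the grouping of reply codes are assumptions made for the example; the sample replies are constructed apart from the "250 User ok" and 502 texts quoted in the messages.

```python
import re

# RFC 5321 reply codes for VRFY/EXPN, grouped for this example (assumption).
USER_KNOWN = {250, 251}          # address accepted / will be forwarded
USER_REJECTED = {550, 551, 553}  # address-level rejection
REPLY_LINE = re.compile(r"^(\d{3})(-| |$)")


def reply_code(raw):
    """Code of the line that ends an SMTP reply, or None if none was seen.

    Multiline replies carry 'NNN-' on every line except the last one."""
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if m and m.group(2) != "-":
            return int(m.group(1))
    return None


def classify(real_reply, control_reply):
    """Compare the reply for a real account with the reply for a random one."""
    real, control = reply_code(real_reply), reply_code(control_reply)
    if real is None or control is None:
        return "inconclusive"      # empty or truncated read
    if real in USER_KNOWN and control in USER_KNOWN:
        return "accept-all"        # same answer for anyone: nothing disclosed
    if real in USER_KNOWN and control in USER_REJECTED:
        return "discloses-users"   # replies tell valid from invalid accounts
    if real == 252 or (500 <= real <= 599 and real not in USER_REJECTED):
        return "refused"           # e.g. the 502 replies quoted in the thread
    return "inconclusive"


# Constructed (real, control) reply pairs for the cases raised in the thread.
SAMPLES = {
    "accept-all host": ("250 User ok\r\n", "250 User ok\r\n"),
    "ordinary host": ("250 2.1.5 root <root@example.test>\r\n",
                      "550 5.1.1 random_user4711... User unknown\r\n"),
    "locally disabled": ("502 Command is locally disabled\r\n",
                         "502 Command is locally disabled\r\n"),
    "sendmail 502": ("502 5.7.0 Sorry, we do not allow this operation\r\n",
                     "502 5.7.0 Sorry, we do not allow this operation\r\n"),
}

if __name__ == "__main__":
    for name, (real, control) in SAMPLES.items():
        print(f"{name}: {classify(real, control)}")
```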