Three things:
(1)
sendmail_expn.nasl attempts to include the results of "EXPN root" and "VRFY root" in the warning message.
However, this is done with the named parameter "extra" to the function "securtiy_warning". The function "security_warning" doesn't include a named parameter "extra". The warning message never includes the results of the "EXPN root" and "VRFY root" commands.
The output from the test should be concatenated onto the end of the description.
(2)
If the "EXPN root" command succeeds then sendmail_expn.nasl does not attempt the VRFY command. While it is likely that a mailer will support both commands or neither command surely sendmail_expn.nasl should perform both checks.
(3)
Is the "VRFY random" used to detect if the mailer merely echoes all usernames back regardless of whether they are valid or not. This test doesn't seem to work. I have just tried it against a mailer and got
VRFY root
250 2.1.5 Super-User <root@mailer.target.com>
VRFY random7678
550 5.1.1 random7678.... User unknown
But sendmail_expn.nasl doesn't report a problem. Should the random check be just for a 250 response?
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
(1)
sendmail_expn.nasl attempts to include the results of "EXPN root" and "VRFY root" in the warning message.
However, this is done with the named parameter "extra" to the function "securtiy_warning". The function "security_warning" doesn't include a named parameter "extra". The warning message never includes the results of the "EXPN root" and "VRFY root" commands.
The output from the test should be concatenated onto the end of the description.
(2)
If the "EXPN root" command succeeds then sendmail_expn.nasl does not attempt the VRFY command. While it is likely that a mailer will support both commands or neither command surely sendmail_expn.nasl should perform both checks.
(3)
Is the "VRFY random" used to detect if the mailer merely echoes all usernames back regardless of whether they are valid or not. This test doesn't seem to work. I have just tried it against a mailer and got
VRFY root
250 2.1.5 Super-User <root@mailer.target.com>
VRFY random7678
550 5.1.1 random7678.... User unknown
But sendmail_expn.nasl doesn't report a problem. Should the random check be just for a 250 response?
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers