Solved

checking for, and closing open proxies

Posted on 2004-09-28
5
141 Views
Last Modified: 2010-04-22
Hi
I run WBL (same as RH ES) with sendmail 8.12.10 and MailScanner with ClamAV, spamassassin and am 100% sure the box does not allow relaying (unless authenticated).

I would like to test my box for open proxies, and if I find any, how to block/close it.

I found a util (perl script) that runs test against any machine, but either I am not passing the correct arguments, or there simply are no open proxies, yet some of my users claim not being able to send to yahoo addresses - Yahoo says the box has either open relay or open proxy. I've followed their suggestions and checked the box against Open Relay and other spam db's, no hits...

Anyway, I want to make sure for myself, so I would appreciate links to sites that have tools as well as some examples of running the tool ( if command line tool) .
0
Comment
Question by:psimation
5 Comments
 
LVL 18

Accepted Solution

by:
liddler earned 45 total points
ID: 12169365
you don't really need a tool, you can do it manually using telnet, and so can be really sure.  Have a look at the example at http://www.secwiz.com/Default.aspx?tabid=46
and here is an on-line test http://www.abuse.net/relay.html
If abuse.net doen't think you are a relay, I would say that yahoo may be dropping your mail if your mailserver does not have both valid DNS A and PTR records.  A lot of mailserver won't accept mail from mailservers without these
0
 
LVL 17

Author Comment

by:psimation
ID: 12169407
Hi liddler

I don't want to test for open relay, I already know it is secure wrt open relay, I wan to test for open PROXIES.
0
 
LVL 18

Expert Comment

by:liddler
ID: 12169462
0
 
LVL 40

Assisted Solution

by:jlevie
jlevie earned 40 total points
ID: 12170074
With sendmail running on the system any proxy would have to be a rogue process that listens on a port other than 25 (sendmail "owns" that one) and sends mail out on 25. There's nothing furnished with WB that would do that, so if it were there it would have to be some rogue application added after install. The simply check for that is to get a list of all open ports (lsof -i) and compar that to what should be open.
0
 
LVL 5

Assisted Solution

by:paranoidcookie
paranoidcookie earned 40 total points
ID: 12217829
Firstly put in place some sort of firewall block off any ports that you dont need to use this will most likely solve your problem.
Test open ports http://www.auditmypc.com/freescan/scanoptions.asp

Make sure you dont have squid running ps -aux |grep squid

http://www.dnsreport.com/ has some open mail realy testing tools

You could also check for root kits chkrootkit is a useful tool http://www.chkrootkit.org/
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
best security practices on linux 3 310
SSL question 7 96
What is Mod Security For WHM and Cpanel 2 89
Website hacked - which logs should I check to find out how? 7 91
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question