• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 152
  • Last Modified:

checking for, and closing open proxies

Hi
I run WBL (same as RH ES) with sendmail 8.12.10 and MailScanner with ClamAV, spamassassin and am 100% sure the box does not allow relaying (unless authenticated).

I would like to test my box for open proxies, and if I find any, how to block/close it.

I found a util (perl script) that runs test against any machine, but either I am not passing the correct arguments, or there simply are no open proxies, yet some of my users claim not being able to send to yahoo addresses - Yahoo says the box has either open relay or open proxy. I've followed their suggestions and checked the box against Open Relay and other spam db's, no hits...

Anyway, I want to make sure for myself, so I would appreciate links to sites that have tools as well as some examples of running the tool ( if command line tool) .
0
psimation
Asked:
psimation
3 Solutions
 
liddlerCommented:
you don't really need a tool, you can do it manually using telnet, and so can be really sure.  Have a look at the example at http://www.secwiz.com/Default.aspx?tabid=46
and here is an on-line test http://www.abuse.net/relay.html
If abuse.net doen't think you are a relay, I would say that yahoo may be dropping your mail if your mailserver does not have both valid DNS A and PTR records.  A lot of mailserver won't accept mail from mailservers without these
0
 
psimationAuthor Commented:
Hi liddler

I don't want to test for open relay, I already know it is secure wrt open relay, I wan to test for open PROXIES.
0
 
jlevieCommented:
With sendmail running on the system any proxy would have to be a rogue process that listens on a port other than 25 (sendmail "owns" that one) and sends mail out on 25. There's nothing furnished with WB that would do that, so if it were there it would have to be some rogue application added after install. The simply check for that is to get a list of all open ports (lsof -i) and compar that to what should be open.
0
 
paranoidcookieCommented:
Firstly put in place some sort of firewall block off any ports that you dont need to use this will most likely solve your problem.
Test open ports http://www.auditmypc.com/freescan/scanoptions.asp

Make sure you dont have squid running ps -aux |grep squid

http://www.dnsreport.com/ has some open mail realy testing tools

You could also check for root kits chkrootkit is a useful tool http://www.chkrootkit.org/
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now