Solved

checking for, and closing open proxies

Posted on 2004-09-28
5
138 Views
Last Modified: 2010-04-22
Hi
I run WBL (same as RH ES) with sendmail 8.12.10 and MailScanner with ClamAV, spamassassin and am 100% sure the box does not allow relaying (unless authenticated).

I would like to test my box for open proxies, and if I find any, how to block/close it.

I found a util (perl script) that runs test against any machine, but either I am not passing the correct arguments, or there simply are no open proxies, yet some of my users claim not being able to send to yahoo addresses - Yahoo says the box has either open relay or open proxy. I've followed their suggestions and checked the box against Open Relay and other spam db's, no hits...

Anyway, I want to make sure for myself, so I would appreciate links to sites that have tools as well as some examples of running the tool ( if command line tool) .
0
Comment
Question by:psimation
5 Comments
 
LVL 18

Accepted Solution

by:
liddler earned 45 total points
ID: 12169365
you don't really need a tool, you can do it manually using telnet, and so can be really sure.  Have a look at the example at http://www.secwiz.com/Default.aspx?tabid=46
and here is an on-line test http://www.abuse.net/relay.html
If abuse.net doen't think you are a relay, I would say that yahoo may be dropping your mail if your mailserver does not have both valid DNS A and PTR records.  A lot of mailserver won't accept mail from mailservers without these
0
 
LVL 17

Author Comment

by:psimation
ID: 12169407
Hi liddler

I don't want to test for open relay, I already know it is secure wrt open relay, I wan to test for open PROXIES.
0
 
LVL 18

Expert Comment

by:liddler
ID: 12169462
0
 
LVL 40

Assisted Solution

by:jlevie
jlevie earned 40 total points
ID: 12170074
With sendmail running on the system any proxy would have to be a rogue process that listens on a port other than 25 (sendmail "owns" that one) and sends mail out on 25. There's nothing furnished with WB that would do that, so if it were there it would have to be some rogue application added after install. The simply check for that is to get a list of all open ports (lsof -i) and compar that to what should be open.
0
 
LVL 5

Assisted Solution

by:paranoidcookie
paranoidcookie earned 40 total points
ID: 12217829
Firstly put in place some sort of firewall block off any ports that you dont need to use this will most likely solve your problem.
Test open ports http://www.auditmypc.com/freescan/scanoptions.asp

Make sure you dont have squid running ps -aux |grep squid

http://www.dnsreport.com/ has some open mail realy testing tools

You could also check for root kits chkrootkit is a useful tool http://www.chkrootkit.org/
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now