Solved

checking for, and closing open proxies

Posted on 2004-09-28
5
140 Views
Last Modified: 2010-04-22
Hi
I run WBL (same as RH ES) with sendmail 8.12.10 and MailScanner with ClamAV, spamassassin and am 100% sure the box does not allow relaying (unless authenticated).

I would like to test my box for open proxies, and if I find any, how to block/close it.

I found a util (perl script) that runs test against any machine, but either I am not passing the correct arguments, or there simply are no open proxies, yet some of my users claim not being able to send to yahoo addresses - Yahoo says the box has either open relay or open proxy. I've followed their suggestions and checked the box against Open Relay and other spam db's, no hits...

Anyway, I want to make sure for myself, so I would appreciate links to sites that have tools as well as some examples of running the tool ( if command line tool) .
0
Comment
Question by:psimation
5 Comments
 
LVL 18

Accepted Solution

by:
liddler earned 45 total points
ID: 12169365
you don't really need a tool, you can do it manually using telnet, and so can be really sure.  Have a look at the example at http://www.secwiz.com/Default.aspx?tabid=46
and here is an on-line test http://www.abuse.net/relay.html
If abuse.net doen't think you are a relay, I would say that yahoo may be dropping your mail if your mailserver does not have both valid DNS A and PTR records.  A lot of mailserver won't accept mail from mailservers without these
0
 
LVL 17

Author Comment

by:psimation
ID: 12169407
Hi liddler

I don't want to test for open relay, I already know it is secure wrt open relay, I wan to test for open PROXIES.
0
 
LVL 18

Expert Comment

by:liddler
ID: 12169462
0
 
LVL 40

Assisted Solution

by:jlevie
jlevie earned 40 total points
ID: 12170074
With sendmail running on the system any proxy would have to be a rogue process that listens on a port other than 25 (sendmail "owns" that one) and sends mail out on 25. There's nothing furnished with WB that would do that, so if it were there it would have to be some rogue application added after install. The simply check for that is to get a list of all open ports (lsof -i) and compar that to what should be open.
0
 
LVL 5

Assisted Solution

by:paranoidcookie
paranoidcookie earned 40 total points
ID: 12217829
Firstly put in place some sort of firewall block off any ports that you dont need to use this will most likely solve your problem.
Test open ports http://www.auditmypc.com/freescan/scanoptions.asp

Make sure you dont have squid running ps -aux |grep squid

http://www.dnsreport.com/ has some open mail realy testing tools

You could also check for root kits chkrootkit is a useful tool http://www.chkrootkit.org/
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question