



Network Security Focus-Linux

Re: Sendmail/Blacklists rejecting authenticated users

Subject: Re: Sendmail/Blacklists rejecting authenticated users
Date: Thu, 12 Jan 2006 21:42:31 +0000
Scott Gifford(sgifford@suspectclass.com)@Wed, Jan 11, 2006 at 04:47:05PM -0500:
Michael Knox <mikeknox@lcse.umn.edu> writes:

Quick question regarding dnsbl's...  The other day I was in the
Pittsburgh airport trying to send an email using their free wifi.
Unsurprisingly this network's ip range is listed on a few of the
blacklists. This resulted in my mail server rejecting my connection
when I tried to send some emails.  Does anyone know how I can
configure sendmail/procmail to not check the IP addresses against the
dnsbls for authenticated users?  I have already done a fair amount of
googling but haven't come up with anything workable, 

The easiest way is to run an SMTP server on another port, which does
not use an RBL and only accepts authenticated connections.  Good
candidates are 587 (SMTP Submit port) or running SMTPS (SMTP over SSL)
on port 465.

I'm a postfix user, but I'm sure that sendmail can do something similar.

In all of the places where I use RBLs, I put a rule before them to allow
authenticated users.  Thus, something like this:

smtpd_helo_restrictions = permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client postmaster.rfc-ignorant.org

Because permit_sasl_authenticated is first, authenticated users bypass
all of the restrictions.

nor can I think of a good way to test (since I don't have access to
a blacklisted network).

Most blacklists put 127.0.0.2 on their blacklist for testing, so you
can do:

    telnet 127.0.0.2 25

from the server to test.

Uh... I don't think that's going to work.  Even if a server uses a
blacklist that lists 127.0.0.2, that's not always going to provide
reverse DNS for that IP.  Even if it does, telnet to that should just
come back to the same machine (maybe) or nowhere (probably).

As far as testing is concerned, your best bet is to just blacklist the
dynamic IP your modem has (DSL modem, cable box, what have you) and try
from there.  This is assuming that the server is somewhere other than
your home connection, but that's not too much of a stretch.  If it is,
get a shell somewhere and try it from there.

-- 
Bill Weiss
 
about 50 per cent of the [United States] population now believes that Iraq
was responsible for the attack on the World Trade Center.
    -- Noam Chomsky
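
Added example, not part of the original thread and not Postfix code: a small Python model of the two points discussed above, namely that a restriction list stops at its first match (so the position of permit_sasl_authenticated decides whether authenticated users reach the RBL check) and that the DNSBL lookup is keyed on the connecting client's address. The zone dnsbl.example, the addresses and the LISTED set are constructed stand-ins for real DNS answers.

```python
import ipaddress

def dnsbl_query_name(client_ip, zone):
    """Name a DNSBL check looks up: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real blacklist

# Constructed stand-in for DNS: names that would return an A record (= listed).
LISTED = {
    dnsbl_query_name("127.0.0.2", ZONE),     # conventional test entry
    dnsbl_query_name("203.0.113.45", ZONE),  # constructed "airport wifi" address
}

def evaluate(restrictions, client_ip, sasl_authenticated):
    """Simplified first-match evaluation of ONE restriction list.

    A permit ends only this list; other restriction lists still run.
    """
    for rule in restrictions:
        name, _, arg = rule.partition(" ")
        if name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "permit"
        elif name == "reject_rbl_client":
            # The key is the address of the connecting client, nothing else.
            if dnsbl_query_name(client_ip, arg) in LISTED:
                return "reject"
        else:
            raise ValueError("rule not modelled: " + name)
    return "dunno"  # nothing matched; later lists decide

AUTH_FIRST = ["permit_sasl_authenticated", "reject_rbl_client " + ZONE]
RBL_FIRST = ["reject_rbl_client " + ZONE, "permit_sasl_authenticated"]

if __name__ == "__main__":
    for label, rules in (("auth first", AUTH_FIRST), ("rbl first", RBL_FIRST)):
        for auth in (True, False):
            who = "authenticated" if auth else "anonymous"
            print(label, who, evaluate(rules, "203.0.113.45", auth))
```

In the model, a client on an unlisted address is never rejected even though 127.0.0.2 is in the list, because only the client's own address is ever looked up.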
