RE: [cobalt-security] warning - early poprelay patch is invalid

["Jabie Gray" <apollo@xxxxxxxxxx>]

I tried the test on this page and it "failed" for the same reason...BUT - I
have not either patched nor upgraded to the newest version (beta version) of
poprelayd.

So the question comes to mind, is this page an adequate test for this
particular exploit? Or are we foolish for believing that this web page
belongs to a "whitehat" and do we *REALLY* believe the results?
-Jabie

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of jbay
Sent: Friday, July 13, 2001 10:22 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] warning - early poprelay patch is invalid



> http://members.iinet.net.au/~remmie/relay/
>
> and found that i was an open relay for the last week.

I think it's rather odd that this web page, when it finds a machine it can't
relay through (mine) reports:

"FAILURE - Unfortunately the program failed because...The host machine does
not relay"

"Unfortunately"!?  hmmm. Well, this page looks like a good candidate for
spammers to use to look for relays. I've null-routed it here; I don't want
anyone looking at our machines via that domain period. And who knows what
it's doing with the data it collects on machines that DO relay. Nothing good
can come of having a page like that kicking around. For all we know, it
takes a 'positive' output and forwards it to a dozen spammer mailing lists.

abuse.org had something like that online at one time, I think, but now they
only let you check from the machine you suspect is open; go to shell prompt
on the suspect machine, and telnet relay-test.mail-abuse.org -- it'll tell
you if you're open.

also, the rpm you installed is out of date; the up-to-date one is
poprelayd-2.0-5.noarch.rpm, not poprelayd-2.0-4.noarch.rpm

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security