Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
EPuters_Mirrors
/
almanack_mirror
İzle 2
Yıldızla 0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: main
Dallar Biçim İmleri
almanack_mir...
/
wiki.d
/
Opensmtpd.Test

Opensmtpd.Test 28 KB
Kalıcı Bağlantı Geçmiş Ham

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. version=pmwiki-2.2.130 ordered=1 urlencoded=1
    2. 

  2. agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:88.0) Gecko/20100101 Firefox/88.0
    3. 

  3. author=jrmu
    4. 

  4. charset=UTF-8
    5. 

  5. csum=
    6. 

  6. ctime=1622794110
    7. 

  7. host=125.231.16.237
    8. 

  8. name=Opensmtpd.Test
    9. 

  9. rev=13
    10. 

  10. targets=Email.Email,Netcat.SMTP,Opensmtpd.Openrelay,Openbsd.Opensmtpd
    11. 

  11. text=(:title Test your mail server:)%0a%0a!! Basic Sending of Mail%0a%0aAs a first basic test, try to send mail using sendmail. You'll want to log in%0ato the server using ssh. Then on the server, create the file ~/samplemail:%0a%0a[@%0a$ sendmail -v -F fromname -f from@example.com to@example.com%0aSubject: Alpha Bravo%0aMIME-Version: 1.0 %0aContent-Type: text/plain; charset=us-ascii%0aContent-Disposition: inline%0a%0aCharlie Delta Echo Foxtrot%0a@]%0a%0aReplace @@fromname@@ with the name of the sender (your name), @@from@example.com@@%0awith the sender's address, and @@to@example.com@@ with the email you want to send%0ato.%0a%0aPress ctrl+d to end the letter.%0a%0aYou should see the following output:%0a%0a[@%0a%3c%3c%3c 220 example.com ESMTP OpenSMTPD%0a>>> EHLO localhost%0a%3c%3c%3c 250-example.com Hello localhost [local], pleased to meet you%0a%3c%3c%3c 250-8BITMIME%0a%3c%3c%3c 250-ENHANCEDSTATUSCODES%0a%3c%3c%3c 250-SIZE 36700160%0a%3c%3c%3c 250-DSN%0a%3c%3c%3c 250 HELP%0a>>> MAIL FROM:%3cfrom@example.com>  %0a%3c%3c%3c 250 2.0.0 Ok%0a>>> RCPT TO:%3cto@example.com> %0a%3c%3c%3c 250 2.1.5 Destination address valid: Recipient ok%0a>>> DATA%0a%3c%3c%3c 354 Enter mail, end with "." on a line by itself%0a>>> .%0a%3c%3c%3c 250 2.0.0 379ec228 Message accepted for delivery%0a>>> QUIT%0a%3c%3c%3c 221 2.0.0 Bye%0a@]%0a%0a!! Sending with your mail client%0a%0aYou should also send email from a known, working email address to your new%0amail server. Afterwards, configure your [[email/email|e-mail client]] to see if%0ayou were able to receive the letter.%0a%0a!! Sending with netcat%0a%0aYou can test to see if you can send a letter to your server using [[netcat/SMTP|netcat]]:%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0a@]%0a%0aNext, we type HELO followed by our sending domain:%0a%0a[@%0aHELO example.com%0a250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a@]%0a%0aAfterwards, we type our sending mail address:%0a%0a[@%0aMAIL FROM: %3cfrom@example.com>%0a250 2.0.0 Ok%0a@]%0a%0aAnd the destination mail address:%0a%0a[@%0aRCPT TO: %3cto@example.com>%0a250 2.1.5 Destination address valid: Recipient ok%0a@]%0a%0aThen we type DATA followed by our email:%0a%0a[@%0aDATA%0a354 Enter mail, end with "." on a line by itself%0aSubject: Alpha Bravo Charlie Delta%0a%0aEcho Foxtrot Golf Hotel%0a@]%0a%0aWe then type . to end the email, then QUIT:%0a%0a[@%0a.%0a250 2.0.0 e57f9a36 Message accepted for delivery%0aQUIT%0a221 2.0.0 Bye%0a@]%0a%0aHere's the complete process:%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0aHELO example.com%0a250 example.com Hello example.com [38.81.163.143], pleased to meet you%0aMAIL FROM: %3cfrom@example.com>%0a250 2.0.0 Ok%0aRCPT TO: %3cto@example.com>%0a250 2.1.5 Destination address valid: Recipient ok%0aDATA%0a354 Enter mail, end with "." on a line by itself%0aSubject: Alpha Bravo Charlie Delta%0a%0aEcho Foxtrot Golf Hotel%0a.%0a250 2.0.0 e57f9a36 Message accepted for delivery%0aQUIT%0a221 2.0.0 Bye%0a@]%0a%0a!! Open Mail Relay%0a%0aMake sure your mail server is not an [[opensmtpd/openrelay|open relay]]!%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0aHELO fakedomain.com%0a250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0aMAIL FROM: %3ccriminal@fakedomain.com>%0a250 2.0.0 Ok%0aRCPT TO: %3cvictim@otherplace.com>%0a550 Invalid recipient: %3cvictim@otherplace.com>%0a@]%0a%0aIn this example, you are pretending to send email from criminal@fakedomain.com to%0avictim@otherplace.com using example.com as a relay.%0a%0aYou should get @@Invalid recipient@@ or some similar rejection message.%0aIf you do not, example.com is likely running an open mail relay.%0a%0aHere's how it appears when the mail server is improperly configured:%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0aHELO fakedomain.com%0a250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0aMAIL FROM: %3ccriminal@fakedomain.com>%0a250 2.0.0 Ok%0aRCPT TO: %3cvictim@otherplace.com>%0a250 2.1.5 Destination address valid: Recipient ok%0a@]%0a%0aNotice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam another mail server with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a%0a!! Testing Deliverability%0a%0a|| URL || What's Tested ||%0a|| https://dkimvalidator.com/ || Send a test email and see if DKIM/SPF validation passes ||%0a|| http://multirbl.valli.org || Send a test email and look for any red flags ||%0a|| https://dmarc.org/resources/deployment-tools/ || ||%0a|| https://toolbox.googleapps.com/apps/checkmx || ||%0a|| https://postmaster.google.com/u/0/managedomains || ||%0a|| https://www.mail-tester.com || ||%0a|| https://www.spamscore.net/ ||%0a|| https://glockapps.com/||%0a|| https://www.senderscore.org/ || %0a|| https://www.gmass.co/inbox ||%0a|| autoreply@dmarctest.org || ||%0a|| check-auth@verifier.port25.com || ||%0a|| mailtest@unlocktheinbox.com || ||%0a%0a!! How to Fix%0a%0aYou will want to check your [[openbsd/opensmtpd|smtpd.conf]] ruleset to make sure you '''never''' allow any domain to send to any domain. You should only allow local hosts to send to external domains, and for any host to send to your domains.%0a%0a!! See Also%0a
    12. 

  12. time=1633615189
    13. 

  13. title=Test your mail server
    14. 

  14. author:1633615189=jrmu
    15. 

  15. diff:1633615189:1622809434:=169,172c169%0a%3c || https://www.spamscore.net/ ||%0a%3c || https://glockapps.com/||%0a%3c || https://www.senderscore.org/ || %0a%3c || https://www.gmass.co/inbox ||%0a---%0a> %0a
    16. 

  16. host:1633615189=125.231.16.237
    17. 

  17. author:1622809434=jrmu
    18. 

  18. diff:1622809434:1622805956:=163,164c163,164%0a%3c || https://dkimvalidator.com/ || Send a test email and see if DKIM/SPF validation passes ||%0a%3c || http://multirbl.valli.org || Send a test email and look for any red flags ||%0a---%0a> || https://dkimvalidator.com/ || ||%0a> || http://multirbl.valli.org || ||%0a
    19. 

  19. host:1622809434=38.81.163.143
    20. 

  20. author:1622805956=jrmu
    21. 

  21. diff:1622805956:1622804586:=162,172c162,172%0a%3c || URL || What's Tested ||%0a%3c || https://dkimvalidator.com/ || ||%0a%3c || http://multirbl.valli.org || ||%0a%3c || https://dmarc.org/resources/deployment-tools/ || ||%0a%3c || https://toolbox.googleapps.com/apps/checkmx || ||%0a%3c || https://postmaster.google.com/u/0/managedomains || ||%0a%3c || https://www.mail-tester.com || ||%0a%3c %0a%3c || autoreply@dmarctest.org || ||%0a%3c || check-auth@verifier.port25.com || ||%0a%3c || mailtest@unlocktheinbox.com || ||%0a---%0a> * https://www.dnswl.org%0a> * https://dkimvalidator.com/%0a> * http://multirbl.valli.org%0a> * https://dmarc.org/resources/deployment-tools/%0a> * https://toolbox.googleapps.com/apps/checkmx%0a> * https://postmaster.google.com/u/0/managedomains%0a> * https://www.mail-tester.com%0a> %0a> * autoreply@dmarctest.org%0a> * check-auth@verifier.port25.com%0a> * mailtest@unlocktheinbox.com%0a
    22. 

  22. host:1622805956=38.81.163.143
    23. 

  23. author:1622804586=jrmu
    24. 

  24. diff:1622804586:1622803977:=47,48c47,50%0a%3c !! Sending with your mail client%0a%3c %0a---%0a> !! Basic Receiving of Mail%0a> %0a> !!! Sending with your mail client%0a> %0a53,54c55,56%0a%3c !! Sending with netcat%0a%3c %0a---%0a> !!! Sending with netcat%0a> %0a160,172c162,174%0a%3c !! Testing Deliverability%0a%3c %0a%3c * https://www.dnswl.org%0a%3c * https://dkimvalidator.com/%0a%3c * http://multirbl.valli.org%0a%3c * https://dmarc.org/resources/deployment-tools/%0a%3c * https://toolbox.googleapps.com/apps/checkmx%0a%3c * https://postmaster.google.com/u/0/managedomains%0a%3c * https://www.mail-tester.com%0a%3c %0a%3c * autoreply@dmarctest.org%0a%3c * check-auth@verifier.port25.com%0a%3c * mailtest@unlocktheinbox.com%0a---%0a> %0a>   * https://www.dnswl.org%0a>   * https://dkimvalidator.com/%0a>   * http://multirbl.valli.org%0a>   * https://dmarc.org/resources/deployment-tools/%0a>   * https://toolbox.googleapps.com/apps/checkmx%0a>   * https://postmaster.google.com/u/0/managedomains%0a>   * https://www.mail-tester.com%0a> %0a>   * autoreply@dmarctest.org%0a>   * check-auth@verifier.port25.com%0a>   * mailtest@unlocktheinbox.com%0a> %0a
    25. 

  25. host:1622804586=38.81.163.143
    26. 

  26. author:1622803977=jrmu
    27. 

  27. diff:1622803977:1622802181:=135c135%0a%3c MAIL FROM: %3ccriminal@fakedomain.com>%0a---%0a> MAIL FROM: %3cusername@example.com>%0a137,138c137,138%0a%3c RCPT TO: %3cvictim@otherplace.com>%0a%3c 550 Invalid recipient: %3cvictim@otherplace.com>%0a---%0a> RCPT TO: %3cvictim@example.com>%0a> 550 Invalid recipient: %3cvictim@example.com>%0a141,143c141,143%0a%3c In this example, you are pretending to send email from criminal@fakedomain.com to%0a%3c victim@otherplace.com using example.com as a relay.%0a%3c %0a---%0a> In this example, you are pretending to send email from username@example.com to%0a> victim@example.com.%0a> %0a154c154%0a%3c MAIL FROM: %3ccriminal@fakedomain.com>%0a---%0a> MAIL FROM: %3cusername@example.com>%0a156c156%0a%3c RCPT TO: %3cvictim@otherplace.com>%0a---%0a> RCPT TO: %3cvictim@example.com>%0a160c160%0a%3c Notice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam another mail server with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a---%0a> Notice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam external domains with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a
    28. 

  28. host:1622803977=38.81.163.143
    29. 

  29. author:1622802181=jrmu
    30. 

  30. diff:1622802181:1622801307:=133,135c133,135%0a%3c HELO fakedomain.com%0a%3c 250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3cusername@example.com>%0a---%0a> HELO example.com%0a> 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a137,138c137,138%0a%3c RCPT TO: %3cvictim@example.com>%0a%3c 550 Invalid recipient: %3cvictim@example.com>%0a---%0a> RCPT TO: %3circnownetwork@gmail.com>%0a> 550 Invalid recipient: %3circnownetwork@gmail.com>%0a141,143d140%0a%3c In this example, you are pretending to send email from username@example.com to%0a%3c victim@example.com.%0a%3c %0a145,146c142%0a%3c If you do not, example.com is likely running an open mail relay.%0a%3c %0a---%0a> %0a150,154c146,150%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a%3c HELO fakedomain.com%0a%3c 250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3cusername@example.com>%0a---%0a> $ nc bangcat.coconut.ircnow.org 25 %0a> 220 bangcat.coconut.ircnow.org ESMTP OpenSMTPD%0a> HELO example.com%0a> 250 bangcat.coconut.ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a156c152%0a%3c RCPT TO: %3cvictim@example.com>%0a---%0a> RCPT TO: %3ctest@gmail.com>%0a
    31. 

  31. host:1622802181=38.81.163.143
    32. 

  32. author:1622801307=jrmu
    33. 

  33. diff:1622801307:1622800727:=57,58c57,58%0a%3c You can test to see if you can send a letter to your server using [[netcat/SMTP|netcat]]:%0a%3c %0a---%0a> Here's how to send a letter using [[netcat/usage|netcat]]:%0a> %0a125a126,138%0a> %0a>   * https://www.dnswl.org%0a>   * https://dkimvalidator.com/%0a>   * http://multirbl.valli.org%0a>   * https://dmarc.org/resources/deployment-tools/%0a>   * https://toolbox.googleapps.com/apps/checkmx%0a>   * https://postmaster.google.com/u/0/managedomains%0a>   * https://www.mail-tester.com%0a> %0a>   * autoreply@dmarctest.org%0a>   * check-auth@verifier.port25.com%0a>   * mailtest@unlocktheinbox.com%0a> %0a128,129c141,142%0a%3c Make sure your mail server is not an [[opensmtpd/openrelay|open relay]]!%0a%3c %0a---%0a> Here's how a proper mail server (not an open relay) will do when you send from a spoofed domain to another external domain:%0a> %0a157,170d169%0a%3c %0a%3c %0a%3c   * https://www.dnswl.org%0a%3c   * https://dkimvalidator.com/%0a%3c   * http://multirbl.valli.org%0a%3c   * https://dmarc.org/resources/deployment-tools/%0a%3c   * https://toolbox.googleapps.com/apps/checkmx%0a%3c   * https://postmaster.google.com/u/0/managedomains%0a%3c   * https://www.mail-tester.com%0a%3c %0a%3c   * autoreply@dmarctest.org%0a%3c   * check-auth@verifier.port25.com%0a%3c   * mailtest@unlocktheinbox.com%0a%3c %0a
    34. 

  34. host:1622801307=38.81.163.143
    35. 

  35. author:1622800727=jrmu
    36. 

  36. diff:1622800727:1622799974:=60,61c60,61%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a68c68%0a%3c 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a---%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a74c74%0a%3c MAIL FROM: %3cfrom@example.com>%0a---%0a> MAIL FROM: %3ctest@example.com>%0a81c81%0a%3c RCPT TO: %3cto@example.com>%0a---%0a> RCPT TO: %3cjrmu@ircnow.org>%0a107,108c107,108%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a110,111c110,111%0a%3c 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3cfrom@example.com>%0a---%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a113c113%0a%3c RCPT TO: %3cto@example.com>%0a---%0a> RCPT TO: %3cjrmu@ircnow.org>%0a144,145c144,145%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a147c147%0a%3c 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a---%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a
    37. 

  37. host:1622800727=38.81.163.143
    38. 

  38. author:1622799974=jrmu
    39. 

  39. diff:1622799974:1622799532:=49,50d48%0a%3c !!! Sending with your mail client%0a%3c %0a55,57c53%0a%3c !!! Sending with netcat%0a%3c %0a%3c Here's how to send a letter using [[netcat/usage|netcat]]:%0a---%0a> Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a
    40. 

  40. host:1622799974=38.81.163.143
    41. 

  41. author:1622799532=jrmu
    42. 

  42. diff:1622799532:1622799367:=46,51d45%0a%3c %0a%3c !! Basic Receiving of Mail%0a%3c %0a%3c You should also send email from a known, working email address to your new%0a%3c mail server. Afterwards, configure your [[email/email|e-mail client]] to see if%0a%3c you were able to receive the letter.%0a
    43. 

  43. host:1622799532=38.81.163.143
    44. 

  44. author:1622799367=jrmu
    45. 

  45. diff:1622799367:1622794925:=9d8%0a%3c $ sendmail -v -F fromname -f from@example.com to@example.com%0a18,25c17%0a%3c Replace @@fromname@@ with the name of the sender (your name), @@from@example.com@@%0a%3c with the sender's address, and @@to@example.com@@ with the email you want to send%0a%3c to.%0a%3c %0a%3c Press ctrl+d to end the letter.%0a%3c %0a%3c You should see the following output:%0a%3c %0a---%0a> %0a27c19,25%0a%3c %3c%3c%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a> @]%0a> %0a> Inside ~/samplemail:%0a> %0a> [@%0a> %3c%3c%3c 220 mail.ircnow.org ESMTP OpenSMTPD%0a29c27%0a%3c %3c%3c%3c 250-example.com Hello localhost [local], pleased to meet you%0a---%0a> %3c%3c%3c 250-mail.ircnow.org Hello localhost [local], pleased to meet you%0a33d30%0a%3c %3c%3c%3c 250-DSN%0a35c32%0a%3c >>> MAIL FROM:%3cfrom@example.com>  %0a---%0a> >>> MAIL FROM:%3cexample@ircnow.org>  %0a37c34%0a%3c >>> RCPT TO:%3cto@example.com> %0a---%0a> >>> RCPT TO:%3cmailtest@unlocktheinbox.com> %0a42c39%0a%3c %3c%3c%3c 250 2.0.0 379ec228 Message accepted for delivery%0a---%0a> %3c%3c%3c 250 2.0.0 66f4c965 Message accepted for delivery%0a47,48c44,71%0a%3c Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a%3c %0a---%0a>   * https://www.dnswl.org%0a>   * https://dkimvalidator.com/%0a>   * http://multirbl.valli.org%0a>   * https://dmarc.org/resources/deployment-tools/%0a>   * https://toolbox.googleapps.com/apps/checkmx%0a>   * https://postmaster.google.com/u/0/managedomains%0a>   * https://www.mail-tester.com%0a> %0a>   * autoreply@dmarctest.org%0a>   * check-auth@verifier.port25.com%0a>   * mailtest@unlocktheinbox.com%0a> %0a> %0a> %0a> An open proxy allows any Internet user to send or receive messages using that server to hide the sender. Sometimes it can be used to provide privacy for users and bypass censorship, but often times it is unintentional. Your server could be abused to send spam because of a misconfiguration of your server.%0a> %0a> An open proxy for mail is referred to as an open mail relay. Chances are, if you're reading this, it's because your mail server has been banned for being an open mail relay.%0a> %0a> !! Why stop open proxies?%0a> %0a> # It could be used to send malware (viruses, trojans, or worms)%0a> # It can be used to send spam%0a> # Your IP will get blacklisted and put on a [[openbsd/dnsbl|DNS blacklist]]%0a> %0a> !! Sample Config%0a> %0a> Here is a sample '''misconfiguration''' (do '''NOT''' use these configs):%0a> %0a50,51c73%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a---%0a> match from any for any relay%0a54,55c76,77%0a%3c Next, we type HELO followed by our sending domain:%0a%3c %0a---%0a> If you're using [[openbsd/dkimproxy|dkimproxy]]:%0a> %0a57,58c79%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a---%0a> match from any for any action "relay_dkim"%0a61,62c82,87%0a%3c Afterwards, we type our sending mail address:%0a%3c %0a---%0a> Don't use either of the above configurations, or your mail server will be used by spammers and crackers to flood the internet with trash mail.%0a> %0a> !! Testing for Open Mail Relays%0a> %0a> Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a> %0a64,65c89,90%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a68,69c93,94%0a%3c And the destination mail address:%0a%3c %0a---%0a> Next, we type HELO followed by our sending domain:%0a> %0a71,72c96,97%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a---%0a> HELO example.com%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a75,76c100,101%0a%3c Then we type DATA followed by our email:%0a%3c %0a---%0a> Afterwards, we type our sending mail address:%0a> %0a78,82c103,104%0a%3c DATA%0a%3c 354 Enter mail, end with "." on a line by itself%0a%3c Subject: Alpha Bravo Charlie Delta%0a%3c %0a%3c Echo Foxtrot Golf Hotel%0a---%0a> MAIL FROM: %3ctest@example.com>%0a> 250 2.0.0 Ok%0a85,86c107,108%0a%3c We then type . to end the email, then QUIT:%0a%3c %0a---%0a> And the destination mail address:%0a> %0a88,91c110,111%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a---%0a> RCPT TO: %3cjrmu@ircnow.org>%0a> 250 2.1.5 Destination address valid: Recipient ok%0a94,95c114,115%0a%3c Here's the complete process:%0a%3c %0a---%0a> Then we type DATA followed by our email:%0a> %0a97,104d116%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a110,113d121%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a116,127c124,153%0a%3c %0a%3c   * https://www.dnswl.org%0a%3c   * https://dkimvalidator.com/%0a%3c   * http://multirbl.valli.org%0a%3c   * https://dmarc.org/resources/deployment-tools/%0a%3c   * https://toolbox.googleapps.com/apps/checkmx%0a%3c   * https://postmaster.google.com/u/0/managedomains%0a%3c   * https://www.mail-tester.com%0a%3c %0a%3c   * autoreply@dmarctest.org%0a%3c   * check-auth@verifier.port25.com%0a%3c   * mailtest@unlocktheinbox.com%0a---%0a> We then type . to end the email, then QUIT:%0a> %0a> [@%0a> .%0a> 250 2.0.0 e57f9a36 Message accepted for delivery%0a> QUIT%0a> 221 2.0.0 Bye%0a> @]%0a> %0a> Here's the complete process:%0a> %0a> [@%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a> HELO example.com%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a> 250 2.0.0 Ok%0a> RCPT TO: %3cjrmu@ircnow.org>%0a> 250 2.1.5 Destination address valid: Recipient ok%0a> DATA%0a> 354 Enter mail, end with "." on a line by itself%0a> Subject: Alpha Bravo Charlie Delta%0a> %0a> Echo Foxtrot Golf Hotel%0a> .%0a> 250 2.0.0 e57f9a36 Message accepted for delivery%0a> QUIT%0a> 221 2.0.0 Bye%0a> @]%0a
    46. 

  46. host:1622799367=38.81.163.143
    47. 

  47. author:1622794925=jrmu
    48. 

  48. diff:1622794925:1622794110:=1,7c1,2%0a%3c (:title Test your mail server:)%0a%3c %0a%3c !! Basic Sending of Mail%0a%3c %0a%3c As a first basic test, try to send mail using sendmail. You'll want to log in%0a%3c to the server using ssh. Then on the server, create the file ~/samplemail:%0a%3c %0a---%0a> To check that the mail server works:%0a> %0a9,14c4%0a%3c Subject: Alpha Bravo%0a%3c MIME-Version: 1.0 %0a%3c Content-Type: text/plain; charset=us-ascii%0a%3c Content-Disposition: inline%0a%3c %0a%3c Charlie Delta Echo Foxtrot%0a---%0a> $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a17c7,8%0a%3c %0a---%0a> Inside ~/samplemail:%0a> %0a19c10,17%0a%3c $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a---%0a> From: example %3cexample@ircnow.org>%0a> To: mailtest@unlocktheinbox.com%0a> Subject: Alpha Bravo%0a> MIME-Version: 1.0 %0a> Content-Type: text/plain; charset=us-ascii%0a> Content-Disposition: inline%0a> %0a> Charlie Delta Echo Foxtrot%0a22,23d19%0a%3c Inside ~/samplemail:%0a%3c %0a56,191d51%0a%3c %0a%3c %0a%3c An open proxy allows any Internet user to send or receive messages using that server to hide the sender. Sometimes it can be used to provide privacy for users and bypass censorship, but often times it is unintentional. Your server could be abused to send spam because of a misconfiguration of your server.%0a%3c %0a%3c An open proxy for mail is referred to as an open mail relay. Chances are, if you're reading this, it's because your mail server has been banned for being an open mail relay.%0a%3c %0a%3c !! Why stop open proxies?%0a%3c %0a%3c # It could be used to send malware (viruses, trojans, or worms)%0a%3c # It can be used to send spam%0a%3c # Your IP will get blacklisted and put on a [[openbsd/dnsbl|DNS blacklist]]%0a%3c %0a%3c !! Sample Config%0a%3c %0a%3c Here is a sample '''misconfiguration''' (do '''NOT''' use these configs):%0a%3c %0a%3c [@%0a%3c match from any for any relay%0a%3c @]%0a%3c %0a%3c If you're using [[openbsd/dkimproxy|dkimproxy]]:%0a%3c %0a%3c [@%0a%3c match from any for any action "relay_dkim"%0a%3c @]%0a%3c %0a%3c Don't use either of the above configurations, or your mail server will be used by spammers and crackers to flood the internet with trash mail.%0a%3c %0a%3c !! Testing for Open Mail Relays%0a%3c %0a%3c Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a%3c %0a%3c [@%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c @]%0a%3c %0a%3c Next, we type HELO followed by our sending domain:%0a%3c %0a%3c [@%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c @]%0a%3c %0a%3c Afterwards, we type our sending mail address:%0a%3c %0a%3c [@%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c @]%0a%3c %0a%3c And the destination mail address:%0a%3c %0a%3c [@%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c @]%0a%3c %0a%3c Then we type DATA followed by our email:%0a%3c %0a%3c [@%0a%3c DATA%0a%3c 354 Enter mail, end with "." on a line by itself%0a%3c Subject: Alpha Bravo Charlie Delta%0a%3c %0a%3c Echo Foxtrot Golf Hotel%0a%3c @]%0a%3c %0a%3c We then type . to end the email, then QUIT:%0a%3c %0a%3c [@%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a%3c @]%0a%3c %0a%3c Here's the complete process:%0a%3c %0a%3c [@%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c DATA%0a%3c 354 Enter mail, end with "." on a line by itself%0a%3c Subject: Alpha Bravo Charlie Delta%0a%3c %0a%3c Echo Foxtrot Golf Hotel%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a%3c @]%0a%3c %0a%3c !! Open Mail Relay%0a%3c %0a%3c Here's how a proper mail server (not an open relay) will do when you send from a spoofed domain to another external domain:%0a%3c %0a%3c [@%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3circnownetwork@gmail.com>%0a%3c 550 Invalid recipient: %3circnownetwork@gmail.com>%0a%3c @]%0a%3c %0a%3c You should get @@Invalid recipient@@ or some similar rejection message.%0a%3c %0a%3c Here's how it appears when the mail server is improperly configured:%0a%3c %0a%3c [@%0a%3c $ nc bangcat.coconut.ircnow.org 25 %0a%3c 220 bangcat.coconut.ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 bangcat.coconut.ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3ctest@gmail.com>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c @]%0a%3c %0a%3c Notice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam external domains with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a%3c %0a%3c !! How to Fix%0a%3c %0a%3c You will want to check your [[openbsd/opensmtpd|smtpd.conf]] ruleset to make sure you '''never''' allow any domain to send to any domain. You should only allow local hosts to send to external domains, and for any host to send to your domains.%0a%3c %0a%3c !! See Also%0a
    49. 

  49. host:1622794925=38.81.163.143
    50. 

  50. author:1622794110=jrmu
    51. 

  51. diff:1622794110:1622794110:=1,51d0%0a%3c To check that the mail server works:%0a%3c %0a%3c [@%0a%3c $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a%3c @]%0a%3c %0a%3c Inside ~/samplemail:%0a%3c %0a%3c [@%0a%3c From: example %3cexample@ircnow.org>%0a%3c To: mailtest@unlocktheinbox.com%0a%3c Subject: Alpha Bravo%0a%3c MIME-Version: 1.0 %0a%3c Content-Type: text/plain; charset=us-ascii%0a%3c Content-Disposition: inline%0a%3c %0a%3c Charlie Delta Echo Foxtrot%0a%3c @]%0a%3c %0a%3c [@%0a%3c %3c%3c%3c 220 mail.ircnow.org ESMTP OpenSMTPD%0a%3c >>> EHLO localhost%0a%3c %3c%3c%3c 250-mail.ircnow.org Hello localhost [local], pleased to meet you%0a%3c %3c%3c%3c 250-8BITMIME%0a%3c %3c%3c%3c 250-ENHANCEDSTATUSCODES%0a%3c %3c%3c%3c 250-SIZE 36700160%0a%3c %3c%3c%3c 250 HELP%0a%3c >>> MAIL FROM:%3cexample@ircnow.org>  %0a%3c %3c%3c%3c 250 2.0.0 Ok%0a%3c >>> RCPT TO:%3cmailtest@unlocktheinbox.com> %0a%3c %3c%3c%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c >>> DATA%0a%3c %3c%3c%3c 354 Enter mail, end with "." on a line by itself%0a%3c >>> .%0a%3c %3c%3c%3c 250 2.0.0 66f4c965 Message accepted for delivery%0a%3c >>> QUIT%0a%3c %3c%3c%3c 221 2.0.0 Bye%0a%3c @]%0a%3c %0a%3c   * https://www.dnswl.org%0a%3c   * https://dkimvalidator.com/%0a%3c   * http://multirbl.valli.org%0a%3c   * https://dmarc.org/resources/deployment-tools/%0a%3c   * https://toolbox.googleapps.com/apps/checkmx%0a%3c   * https://postmaster.google.com/u/0/managedomains%0a%3c   * https://www.mail-tester.com%0a%3c %0a%3c   * autoreply@dmarctest.org%0a%3c   * check-auth@verifier.port25.com%0a%3c   * mailtest@unlocktheinbox.com%0a%3c %0a
    52. 

  52. host:1622794110=38.81.163.143
    53. 

  53.