Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Jun 2003 07:01:11 -0400 (EDT)
From:      Paul Chvostek <paul+fbsd@it.ca>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        Paul Chvostek <paul+fbsd@it.ca>
Subject:   ports/53277: [maintainer update]: mail/rlytest - Perl script to test for open SMTP relays
Message-ID:  <200306131101.h5DB1BFS061412@foo.it.ca>
Resent-Message-ID: <200306131110.h5DBAGAd051129@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         53277
>Category:       ports
>Synopsis:       [maintainer update]: mail/rlytest - Perl script to test for open SMTP relays
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 13 04:10:16 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Paul Chvostek
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD foo.it.ca 4.7-STABLE FreeBSD 4.7-STABLE #1: Sun Nov 10 01:01:32 EST 2002 paul@foo.it.ca:/usr/src/sys/compile/foo i386


>Description:
        Nasty perl dependencies, obsolete dist URL.
>How-To-Repeat:
	n/a
>Fix:

diff -2ruN rlytest.old/Makefile rlytest/Makefile
--- rlytest.old/Makefile	Tue Mar 18 03:30:45 2003
+++ rlytest/Makefile	Fri Jun 13 06:53:32 2003
@@ -14,6 +14,6 @@
 EXTRACT_ONLY=   # defined
 
-MAINTAINER=	paul@it.ca
-COMMENT=	Test an SMTP host for third-party relay
+MAINTAINER=	paul+ports@it.ca
+COMMENT=	test remote system for unsecured mail relay
 
 USE_PERL5=	yes
@@ -24,15 +24,12 @@
 
 pre-patch:
-	perl -pe 's,^#!/usr/local/bin/perl$$,#!/usr/bin/perl,' < ${_DISTDIR}${DISTFILES} > ${WRKSRC}/rlytest
+	@${SED} '1s:^#!/usr/local/bin/perl:#!${PERL}:' < ${_DISTDIR}${DISTFILES} > ${WRKSRC}/rlytest
 
 do-build:
-	pod2man ${WRKSRC}/rlytest > ${WRKSRC}/rlytest.1
+	@pod2man ${WRKSRC}/rlytest > ${WRKSRC}/rlytest.1
 
 do-install:
-	${INSTALL_SCRIPT} ${WRKSRC}/rlytest ${PREFIX}/bin/
-	${INSTALL_MAN} ${WRKSRC}/rlytest.1 ${PREFIX}/man/man1/
-
-post-install:
-	${CAT} ${PKGMESSAGE}
+	@${INSTALL_SCRIPT} ${WRKSRC}/rlytest ${PREFIX}/bin/
+	@${INSTALL_MAN} ${WRKSRC}/rlytest.1 ${PREFIX}/man/man1/
 
 .include <bsd.port.mk>
diff -2ruN rlytest.old/pkg-descr rlytest/pkg-descr
--- rlytest.old/pkg-descr	Mon May  3 01:50:32 1999
+++ rlytest/pkg-descr	Fri Jun 13 06:29:54 2003
@@ -7,10 +7,9 @@
 menace to the Internet.
 
-See http://www.unicom.com/sw/#rlytest for mor information.
+See http://www.unicom.com/sw/rlytest for more information.
 
-rlytest was written by Chip Rosenthal, and is featured at
-http://maps.vix.com/tsi/ and http://www.badrelay.org/.
+pxytest was written by Chip Rosenthal.
 
-- Paul Chvostek <paul@it.ca>
+- Paul Chvostek <paul+ports@it.ca>
 
-WWW: http://www.unicom.com/sw/#rlytest
+WWW: http://www.unicom.com/sw/rlytest
diff -2ruN rlytest.old/pkg-message rlytest/pkg-message
--- rlytest.old/pkg-message	Mon Jan 25 22:20:56 1999
+++ rlytest/pkg-message	Wed Dec 31 19:00:00 1969
@@ -1,18 +0,0 @@
-
-NOTE: If you wish to make easier use of the rlytest program from within
-scripts, you might want to modify the exit codes it uses.  Line 122 of
-the script contains the exit code used if the relay was accepted (bad),
-and line 165 contains the exit code used if the relay was rejected
-(good).  The original author has expressed a wish that his code not be
-modified automatically in this way by this distribution, but if you wish
-to modify your local copy, you should feel free to do so.
-
-If you just change the "0" line line 122 to a "1", then in shell scripts
-you'll be able to use constructs like:
-
-  if /usr/local/bin/rlytest $hostname >/dev/null 2>/dev/null ; then
-    echo "$hostname is good"
-  else
-    echo "$hostname is evil"
-  fi
-
diff -2ruN rlytest.old/work/.PLIST.mktmp rlytest/work/.PLIST.mktmp
--- rlytest.old/work/.PLIST.mktmp	Wed Dec 31 19:00:00 1969
+++ rlytest/work/.PLIST.mktmp	Fri Jun 13 06:40:48 2003
@@ -0,0 +1,4 @@
+man/man1/rlytest.1.gz
+@unexec rm -f %D/man/cat1/rlytest.1 %D/man/cat1/rlytest.1.gz
+bin/rlytest
+@unexec if [ -f %D/info/dir ]; then if sed -e '1,/Menu:/d' %D/info/dir | grep -q '^[*] '; then true; else rm %D/info/dir; fi; fi
diff -2ruN rlytest.old/work/rlytest rlytest/work/rlytest
--- rlytest.old/work/rlytest	Wed Dec 31 19:00:00 1969
+++ rlytest/work/rlytest	Fri Jun 13 06:40:41 2003
@@ -0,0 +1,379 @@
+#!/usr/bin/perl
+#
+# $Id: rlytest,v 1.22 2001/10/22 22:02:48 chip Exp $
+#
+# $Log: rlytest,v $
+# Revision 1.22  2001/10/22 22:02:48  chip
+# updated message
+#
+# Revision 1.21  2001/10/22 19:57:38  chip
+# updated URLs
+#
+# Revision 1.20  2000/06/21 09:02:09  chip
+# Produce useful diagnostic if socket fails.
+# Thanks to Paul Ewing Jr. <ewing@ima.umn.edu>
+#
+# Revision 1.19  2000/06/11 06:21:49  chip
+# now uses exit status 2 to indicate successful relay submission
+# added $EX_RELAY_ACCEPTED $EX_RELAY_REJECTED $EX_PROGRAM_ERROR
+#
+# Revision 1.18  2000/04/04 08:25:32  chip
+# changed default domain from acme.com to example.com
+#
+# Revision 1.17  1999/08/20 07:11:54  chip
+# moved uid=0 check before calculate_fqdn is called (oof!)
+# thanks to Paul David Fardy <pdf@morgan.ucs.mun.ca> for catching that
+#
+# Revision 1.16  1999/05/25 15:51:57  chip
+# added $Root_check to avoid running as root
+# remove $! from socket creation failure, people were finding it confusing
+#
+#
+# rlytest - test mail host for third-party relay
+# (see POD documentation at end)
+#
+# Chip Rosenthal
+# Unicom Systems Development
+# <chip@unicom.com>
+#
+
+require 5.002;
+use strict;
+use Getopt::Std;
+use IO::Socket;	# warning - IO::Socket was an optional add-on prior to 5.004
+use Time::gmtime;
+use vars qw($Usage $Dflt_hostname $Dflt_domain $Root_check %Opts
+	$Target_host $Timeout $Hostname $Username $Comment
+	$Actual_sender $MailFrom_addr $RcptTo_addr $Mssg_body);
+
+$0 =~ s!.*/!!;
+$Usage = "usage: $0 [-f sender_addr] [-u recip_addr] [-c comment] [-t timeout] target_host";
+
+use vars qw($EX_RELAY_ACCEPTED $EX_RELAY_REJECTED $EX_PROGRAM_ERROR);
+$EX_RELAY_REJECTED = 0;
+$EX_RELAY_ACCEPTED = 2;
+$EX_PROGRAM_ERROR = 1;
+
+#
+# Host name configuration - Leave these commented out unless the
+# calculate_fqdn() routine is unable to calculate your FQDN (fully
+# qualified domain name) correctly.  You'll know if it fails, because
+# the script will bomb out bitching about the FQDN.  If this happens,
+# try setting $Dflt_domain to your domain.  Or, if you like, you
+# may hardwire $Dflt_hostname to a particular FQDN.
+#
+### $Dflt_domain = "example.com";
+### $Dflt_hostname = "dopey.example.com";
+
+#
+# This utility does not need to be run as root.  In fact, there is
+# a potential problem in doing so.  In the "calculate_fqdn" subroutine,
+# one of the ways it tries to obtain the host name is with "hostname -f".
+# While this works on some systems, on others it will attempt to change
+# the local hostname to "-f"!
+#
+$Root_check = 1;
+
+if ($Root_check && $> == 0) {
+	print STDERR q[
+You should not be running this as root!
+Recommend you abort and run as a nonprivileged user.
+Pausing 10 seconds.];
+	foreach $_ (1 .. 10) {
+		print STDERR ".";
+		sleep 1;
+	}
+	print STDERR "\n";
+}
+
+#
+# Unbuffered output.
+#
+autoflush STDOUT 1;
+
+#
+# Crack command line.
+#
+getopts('c:f:t:u:', \%Opts)
+	or die "$Usage";
+die "$Usage\n"
+	unless (@ARGV == 1);
+$Target_host = shift;
+
+#
+# Initialize parameters.
+#
+$Timeout = $Opts{'t'} || 60;
+$Hostname = calculate_fqdn()
+	or die "$0: cannot determine FQDN\n";
+$Username = $ENV{'LOGNAME'} || $ENV{'USER'} || die "$0: LOGNAME undefined\n";
+$Actual_sender = $Username . "\@" . $Hostname;
+$RcptTo_addr = $Opts{'u'} || $Actual_sender;
+$Comment = $Opts{'c'} . "\n"
+	if ($Opts{'c'});
+
+if ($Opts{'f'} ne "") {
+	$MailFrom_addr = $Opts{'f'};
+} elsif ($Target_host =~ /^\d+\.\d+\.\d+\.\d+$/) {
+	$MailFrom_addr = "nobody\@[${Target_host}]";
+} else {
+	$MailFrom_addr = "nobody\@${Target_host}";
+}
+
+#
+# Construct the test message.
+#
+$Mssg_body =
+	"To: $RcptTo_addr\n"
+	. "From: $MailFrom_addr\n"
+	. "Subject: test for susceptibility to third-party mail relay\n"
+	. "Date: " .  arpa_date(time()) . "\n"
+	. "Message-Id: <rlytest-" . time() . "-" . $$ . "\@$Hostname>\n"
+	. "Sender: $Actual_sender\n"
+	. qq[
+This message is a test probe, to ensure that your mail server is secured
+against third-party mail relay.  This is NOT an attempt to hack or
+crack your system, but just to ensure the system are secured against
+this common vulnerability.  This test usually is performed by a system
+administrator who is trying to determine the source of a spam email.
+
+A well-configured mail server should NOT relay third-party email.
+Otherwise, the server is subject to attack and hijack by Internet vandals
+and spammers.  For information on how to secure a mail server against
+third-party relay, visit <URL: http://mail-abuse.org/tsi/>.
+
+This probe was generated by the "rlytest" utility.  For more information,
+visit <URL: http://www.unicom.com/sw/rlytest/>.
+
+    Target host = $Target_host
+    Test performed by <$Actual_sender>
+
+If you have any concern about this test, please contact the person listed
+in the "test performed by" line above.
+
+${Comment}
+.
+];
+
+#
+# Connect and execute SMTP diaglog.
+#
+print "Connecting to $Target_host ...\n";
+my $sock = IO::Socket::INET->new(
+		Proto => "tcp",
+		PeerAddr => $Target_host,
+		PeerPort => "smtp(25)",
+		Timeout => $Timeout)
+	or die "$0: socket failed: cannot connect to $Target_host: $@\n";
+
+$SIG{'ALRM'} = sub { die "$0: timeout waiting for socket I/O\n"; };
+$sock->autoflush(1);
+read_response($sock);
+write_command($sock, "HELO $Hostname\n");
+write_command($sock, "MAIL FROM:<$MailFrom_addr>\n");
+write_command($sock, "RCPT TO:<$RcptTo_addr>\n");
+write_command($sock, "DATA\n");
+write_command($sock, $Mssg_body, "(message body)\n");
+my $code = write_command($sock, "QUIT\n");
+
+#
+# Dialog successful (which is bad -- that means the relay was accepted).
+#
+warn "$0: relay accepted - final response code $code\n";
+exit($EX_RELAY_ACCEPTED);
+
+
+#
+# usage: write_command($sock, $data_to_send[, $mssg_to_display])
+#
+sub write_command
+{
+	my $sock = shift;
+	my $data = shift;
+	my $mssg = shift || $data;
+	print ">>> $mssg";
+	$data =~ s/\n/\r\n/g;
+	alarm($Timeout);
+	$sock->print($data)
+		or die "$0: socket write failed [$!]\n";
+	alarm(0);
+	return read_response($sock);
+}
+
+
+#
+# usage: $response_code = read_response($sock);
+#
+sub read_response
+{
+	my $sock = shift;
+	my($code, $cont, $mssg);
+
+	do {
+		alarm($Timeout);
+		chop($_ = $sock->getline());
+		alarm(0);
+		($code, $cont, $mssg) = /(\d\d\d)(.)(.*)/;
+		print "<<< ", $_, "\n";
+	} while ($cont eq "-");
+	return $code
+		if ($code >= 200 && $code < 400);
+
+	alarm($Timeout);
+	$sock->print("QUIT\r\n");
+	alarm(0);
+	warn "$0: relay rejected - final response code $code\n";
+	exit($EX_RELAY_REJECTED);
+}
+
+
+#
+# usage: $hostname = calculate_fqdn();
+#
+sub calculate_fqdn
+{
+	my @trycmds = ("hostname", "hostname -f", "uname -n");
+	my $cmd;
+	my $hostname;
+
+	return $Dflt_hostname
+		if ($Dflt_hostname);
+
+	foreach $cmd (@trycmds) {
+		chop($hostname = `$cmd`);
+		return $hostname
+			if ($hostname =~ /\./);
+		return $hostname . "." . $Dflt_domain
+			if ($hostname && $Dflt_domain);
+	}
+
+	die "$0: cannot determine FQDN - please set \$Dflt_domain or \$Dflt_hostname\n"
+}
+
+
+#
+# usage: $date_header = arpa_date($secs_since_epoch)
+#
+sub arpa_date
+{
+	my $gm = gmtime(shift);
+	my @Day_name = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat");
+	my @Month_name = (
+		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
+
+	sprintf("%-3s, %02d %-3s %4d %02d:%02d:%02d GMT",
+		$Day_name[$gm->wday],
+		$gm->mday, $Month_name[$gm->mon], 1900+$gm->year,
+		$gm->hour, $gm->min, $gm->sec);
+
+}
+
+
+__END__
+
+=head1 NAME
+
+rlytest - test mail host for third-party relay
+
+=head1 SYNOPSIS
+
+B<rlytest>
+[B<-f> sender_addr]
+[B<-u> recip_addr]
+[B<-c> I<comment>]
+[B<-t> I<timeout>]
+I<target_host>
+
+=head1 DESCRIPTION
+
+The B<rlytest> utility performs a test on I<target_host> to determine
+whether it will relay third-party email.  It will try to relay an
+email message to yourself through that host.  A host that allows
+third-party relay is subject to attack by Internet vandals, and
+frequently is hijacked by spammers to relay massive amounts of junk
+email.  A host that allows third-party relay should be B<immediately>
+secured, disconnected, or shunned as a menace to the Internet.
+
+The following options are available:
+
+=over 4
+
+=item B<-f> I<sender_addr>
+
+Specifies the (C<MAIL FROM>) email address to use on the probe.
+By default, B<rlytest> tries to calculate an email address in the
+target domain.  This is to ensure that the host is not using simple
+(and easily defeated) envelope checks for anti-relay protection.
+
+=item B<-u> I<recip_addr>
+
+Specifies the (C<RCPT TO>) email address to use on the probe.  By
+default, B<rlytest> tries to calculate your email address and use
+that.  A host that is susceptible to relay will deliver a probe
+message to this address.
+
+=item B<-c> I<comment>
+
+Embed I<comment> in the body of the test message.  This may
+be useful, for instance, if you are doing some automatic testing
+and want to insert cookies into the messages.
+
+=item B<-t> I<timeout>
+
+Sets the timeout value (default is 60 seconds) for certain
+operations.
+
+=back
+
+If the remote host refused to relay the message, the program
+will terminate with a zero exit status dislay a message to
+I<stderr> similar to:
+
+  rlytest: relay rejected - status code 571
+
+If the message was accepted, the program will terminate with an
+exit status of 2 and display a message to I<stderr> similar to:
+
+  rlytest: relay accepted - status code 221
+
+Any other (non-zero) exit status indicates a program error, such as a
+bad hostname or host not resopnding.
+
+=head1 EXAMPLE
+
+Here is an example, showing a host that refuses third-party relay:
+
+  $ ./rlytest mail.example.dom
+  Connecting to mail.example.dom ...
+  <<< 220 mail.example.dom ready
+  >>> HELO garcon.unicom.com
+  <<< 250 Hello garcon.unicom.com, pleased to meet you
+  >>> MAIL FROM:<nobody@mail.example.dom>
+  <<< 250 <chip@garcon.unicom.com>... Sender ok
+  >>> RCPT TO:<chip@garcon.unicom.com>
+  <<< 550 <chip@garcon.unicom.com>... Relaying Denied
+  rlytest: relay rejected - status code 550
+
+=head1 BUGS
+
+There is no reliable and portable method to determine the local
+host's fully qualified domain name.  If the utility bombs out
+complaining about FQDN problems, read the "host name configuration"
+information near the top of the script.
+
+=head1 SEE ALSO
+
+mail(1),
+sendmail(8),
+smtpd(8)
+
+=head1 AUTHOR
+
+  Chip Rosenthal
+  Unicom Systems Development
+  <chip@unicom.com>
+
+  $Id: rlytest,v 1.22 2001/10/22 22:02:48 chip Exp $
+  See http://www.unicom.com/sw/#rlytest for latest version.
+
diff -2ruN rlytest.old/work/rlytest.1 rlytest/work/rlytest.1
--- rlytest.old/work/rlytest.1	Wed Dec 31 19:00:00 1969
+++ rlytest/work/rlytest.1	Fri Jun 13 06:40:41 2003
@@ -0,0 +1,303 @@
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+'''     Set up \*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+'''   \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+'''   \*(L" and \*(R", except that they are used on ".xx" lines,
+'''   such as .IP and .SH, which do another additional levels of
+'''   double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\"	If the F register is turned on, we'll generate
+.\"	index entries out stderr for the following things:
+.\"		TH	Title 
+.\"		SH	Header
+.\"		Sh	Subsection 
+.\"		Ip	Item
+.\"		X<>	Xref  (embedded
+.\"	Of course, you have to process the output yourself
+.\"	in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH RLYTEST 1 "perl 5.005, patch 03" "13/Jun/2003" "User Contributed Perl Documentation"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.	\" AM - accent mark definitions
+.bd B 3
+.	\" fudge factors for nroff and troff
+.if n \{\
+.	ds #H 0
+.	ds #V .8m
+.	ds #F .3m
+.	ds #[ \f1
+.	ds #] \fP
+.\}
+.if t \{\
+.	ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.	ds #V .6m
+.	ds #F 0
+.	ds #[ \&
+.	ds #] \&
+.\}
+.	\" simple accents for nroff and troff
+.if n \{\
+.	ds ' \&
+.	ds ` \&
+.	ds ^ \&
+.	ds , \&
+.	ds ~ ~
+.	ds ? ?
+.	ds ! !
+.	ds /
+.	ds q
+.\}
+.if t \{\
+.	ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.	ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.	ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.	ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.	ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.	ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.	ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.	ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.	ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.	\" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.	\" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.	\" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.	ds : e
+.	ds 8 ss
+.	ds v \h'-1'\o'\(aa\(ga'
+.	ds _ \h'-1'^
+.	ds . \h'-1'.
+.	ds 3 3
+.	ds o a
+.	ds d- d\h'-1'\(ga
+.	ds D- D\h'-1'\(hy
+.	ds th \o'bp'
+.	ds Th \o'LP'
+.	ds ae ae
+.	ds Ae AE
+.	ds oe oe
+.	ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+rlytest \- test mail host for third-party relay
+.SH "SYNOPSIS"
+\fBrlytest\fR
+[\fB\-f\fR sender_addr]
+[\fB\-u\fR recip_addr]
+[\fB\-c\fR \fIcomment\fR]
+[\fB\-t\fR \fItimeout\fR]
+\fItarget_host\fR
+.SH "DESCRIPTION"
+The \fBrlytest\fR utility performs a test on \fItarget_host\fR to determine
+whether it will relay third-party email.  It will try to relay an
+email message to yourself through that host.  A host that allows
+third-party relay is subject to attack by Internet vandals, and
+frequently is hijacked by spammers to relay massive amounts of junk
+email.  A host that allows third-party relay should be \fBimmediately\fR
+secured, disconnected, or shunned as a menace to the Internet.
+.PP
+The following options are available:
+.Ip "\fB\-f\fR \fIsender_addr\fR" 4
+Specifies the (\f(CWMAIL FROM\fR) email address to use on the probe.
+By default, \fBrlytest\fR tries to calculate an email address in the
+target domain.  This is to ensure that the host is not using simple
+(and easily defeated) envelope checks for anti-relay protection.
+.Ip "\fB\-u\fR \fIrecip_addr\fR" 4
+Specifies the (\f(CWRCPT TO\fR) email address to use on the probe.  By
+default, \fBrlytest\fR tries to calculate your email address and use
+that.  A host that is susceptible to relay will deliver a probe
+message to this address.
+.Ip "\fB\-c\fR \fIcomment\fR" 4
+Embed \fIcomment\fR in the body of the test message.  This may
+be useful, for instance, if you are doing some automatic testing
+and want to insert cookies into the messages.
+.Ip "\fB\-t\fR \fItimeout\fR" 4
+Sets the timeout value (default is 60 seconds) for certain
+operations.
+.PP
+If the remote host refused to relay the message, the program
+will terminate with a zero exit status dislay a message to
+\fIstderr\fR similar to:
+.PP
+.Vb 1
+\&  rlytest: relay rejected - status code 571
+.Ve
+If the message was accepted, the program will terminate with an
+exit status of 2 and display a message to \fIstderr\fR similar to:
+.PP
+.Vb 1
+\&  rlytest: relay accepted - status code 221
+.Ve
+Any other (non-zero) exit status indicates a program error, such as a
+bad hostname or host not resopnding.
+.SH "EXAMPLE"
+Here is an example, showing a host that refuses third-party relay:
+.PP
+.Vb 10
+\&  $ ./rlytest mail.example.dom
+\&  Connecting to mail.example.dom ...
+\&  <<< 220 mail.example.dom ready
+\&  >>> HELO garcon.unicom.com
+\&  <<< 250 Hello garcon.unicom.com, pleased to meet you
+\&  >>> MAIL FROM:<nobody@mail.example.dom>
+\&  <<< 250 <chip@garcon.unicom.com>... Sender ok
+\&  >>> RCPT TO:<chip@garcon.unicom.com>
+\&  <<< 550 <chip@garcon.unicom.com>... Relaying Denied
+\&  rlytest: relay rejected - status code 550
+.Ve
+.SH "BUGS"
+There is no reliable and portable method to determine the local
+host's fully qualified domain name.  If the utility bombs out
+complaining about FQDN problems, read the \*(L"host name configuration\*(R"
+information near the top of the script.
+.SH "SEE ALSO"
+\fImail\fR\|(1),
+\fIsendmail\fR\|(8),
+\fIsmtpd\fR\|(8)
+.SH "AUTHOR"
+.PP
+.Vb 3
+\&  Chip Rosenthal
+\&  Unicom Systems Development
+\&  <chip@unicom.com>
+.Ve
+.Vb 2
+\&  $Id: rlytest,v 1.22 2001/10/22 22:02:48 chip Exp $
+\&  See http://www.unicom.com/sw/#rlytest for latest version.
+.Ve
+
+.rn }` ''
+.IX Title "RLYTEST 1"
+.IX Name "rlytest - test mail host for third-party relay"
+
+.IX Header "NAME"
+
+.IX Header "SYNOPSIS"
+
+.IX Header "DESCRIPTION"
+
+.IX Item "\fB\-f\fR \fIsender_addr\fR"
+
+.IX Item "\fB\-u\fR \fIrecip_addr\fR"
+
+.IX Item "\fB\-c\fR \fIcomment\fR"
+
+.IX Item "\fB\-t\fR \fItimeout\fR"
+
+.IX Header "EXAMPLE"
+
+.IX Header "BUGS"
+
+.IX Header "SEE ALSO"
+
+.IX Header "AUTHOR"
+
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306131101.h5DB1BFS061412>