Powered by Unknown !

Sendmail

SMTP servers such as Sendmail disclose certain sensitive information, either spontaneously or on request:

# telnet localhost 25
220 herisson.maison ESMTP Sendmail 8.12.3/8.12.3; Thu, 7 Nov 2002 12:41:31 +0100 (CET)
help
214-2.0.0 This is sendmail version 8.12.3
214-2.0.0 Topics:
214-2.0.0 	HELO	EHLO	MAIL	RCPT	DATA
214-2.0.0 	RSET	NOOP	QUIT	HELP	VRFY
214-2.0.0 	EXPN	VERB	ETRN	DSN	AUTH
214-2.0.0 	STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0 	sendmail-bugs@sendmail.org.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
help verb
214-2.0.0 VERB
214-2.0.0 	Go into verbose mode.  This sends 0xy responses that are
214-2.0.0 	not RFC821 standard (but should be)  They are recognized
214-2.0.0 	by humans and other sendmail implementations.
214 2.0.0 End of HELP info
help quit
214-2.0.0 QUIT
214-2.0.0 	Exit sendmail (SMTP).
214 2.0.0 End of HELP info
help control
214-2.0.0 Help for smcontrol:
214-2.0.0 help		This message.
214-2.0.0 restart		Restart sendmail.
214-2.0.0 shutdown	Shutdown sendmail.
214-2.0.0 status		Show sendmail status.
214-2.0.0 memdump		Dump allocated memory list (for debugging only).
214 2.0.0 End of HELP info
quit
221 2.0.0 herisson.maison closing connection

These displays can nevertheless be switched off by changing the Sendmail configuration (in particular to guard against an information leak in the reply to a message addressed to an unknown recipient):

# cd /etc/mail
# cat > helpfile
#vers	2
smtp	Disabled.
^D
# cat > /tmp/freebsd.mc.supp
define(`confSMTP_LOGIN_MSG', `$j server ready at $b')
define(`confRECEIVED_HEADER', `$?sfrom $s $.$?_($?s$|from $.$_)
	$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
	$.by $j $?r with $r$. id $i$?{tls_version}
	(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
	for $u; $|;
	$.$b$?g
	(envelope-from $g)$.')
^D
# cat /tmp/freebsd.mc.supp >> freebsd.mc
# rm /tmp/freebsd.mc.supp
# make freebsd.cf
# cp freebsd.cf sendmail.cf
# cat > /tmp/freebsd.submit.mc.supp
define(`confSMTP_LOGIN_MSG', `$j server ready at $b')
define(`confRECEIVED_HEADER', `$?sfrom $s $.$?_($?s$|from $.$_)
	$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
	$.by $j $?r with $r$. id $i$?{tls_version}
	(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
	for $u; $|;
	$.$b')
^D
# cat /tmp/freebsd.submit.mc.supp >> freebsd.submit.mc
# rm /tmp/freebsd.submit.mc.supp
# make freebsd.submit.cf
# cp freebsd.submit.cf submit.cf
# killall -HUP sendmail

The server then behaves as follows:

# telnet localhost 25
220 herisson.maison ESMTP server ready at Thu, 7 Nov 2002 13:30:46 +0100 (CET)
help
214-2.0.0 Disabled.
214 2.0.0 End of HELP info
quit
221 2.0.0 herisson.maison closing connection

Final warnings

Note that identifying the server remains possible through its implementation of the SMTP protocol (the combinations of headers it uses in its replies can be quite characteristic).

This is precisely what the smtpscan application allows one to do:

# smtpscan localhost
smtpscan version 0.3
Scanning localhost (127.0.0.1) port 25
...............

Result --
451:501:501:250:553:451:503:214:252:502:502:502:502:250:250

No exact match. Nearest matches :
  - Sendmail 8.11.0 (3) (with source email address checking - rbl, ...)
  - Sendmail 8.11.2 (3) (with source email address checking - rbl, ...)
  - Sendmail Switch-2.2.0 (3) (with source email address checking - rbl, ...)
  - Sendmail Switch-2.2.3 (3) (with source email address checking - rbl, ...)
  - Sendmail 8.11.6  (3) (with source email address checking - rbl, ...)
  - Sendmail 8.11.6  (3) (with source email address checking - rbl, ...)
  - Sendmail 8.12.2-8.12.5 (3) (with source email address checking - rbl, ...)
  - Sendmail 8.12.3 (3) (with source email address checking - rbl, ...)
  - Sendmail 8.11.6  (3) (with source email address checking - rbl, ...)
  - Sendmail 8.11.6,8.12.3 (3) (with source email address checking - rbl, ...)
  
  To help improving smtpscan database, if you know which soft is used there,
  please send a mail to zejames@greyhats.org, giving the output of smtpscan -v
  and the remote server version.

Despite the rejections (code 451) due to my test domain not being resolvable, and even though this leaves many traces in the log files ("/var/log/maillog"):

Authentication-Warning: herisson.maison: localhost.maison [127.0.0.1] didn't use HELO \
 protocol
ruleset=check_mail, arg1=test@yahoo.com, relay=localhost.maison [127.0.0.1], \
 reject=451 4.1.8 Domain of sender address test@yahoo.com does not resolve
from=test@yahoo.com, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, \
 relay=localhost.maison [127.0.0.1]
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
lost input channel from localhost.maison [127.0.0.1] to MTA after mail
from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=localhost.maison \
 [127.0.0.1]
ruleset=check_mail, arg1=, \
 relay=localhost.maison [127.0.0.1], reject=451 4.1.8 Domain of sender address \
 impossibleaddress@thisdomaindoesnotandmustnotexists.com does not resolve
from=, size=0, class=0, \
 nrcpts=0, proto=SMTP, daemon=MTA, relay=localhost.maison [127.0.0.1]
ruleset=check_mail, arg1=, relay=localhost.maison [127.0.0.1], \
 reject=451 4.1.8 Domain of sender address test@yahoo.com does not resolve
from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, \
 relay=localhost.maison [127.0.0.1]
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1]: VRFY root [rejected]
localhost.maison [127.0.0.1]: EXPN root [rejected]
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
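As an added example (not part of the original article), the following Python script turns those maillog traces into a detection: it groups events by relay address and flags clients that open several connections without ever issuing MAIL, VRFY, EXPN or ETRN, or that probe VRFY/EXPN while also getting a sender rejected. The sample lines are constructed after the excerpt above (syslog prefix stripped as in the excerpt; lines with the prefix are parsed too) and the event names and thresholds are my own choices.

```python
import re
from collections import Counter, defaultdict
# Constructed sample modelled on the maillog excerpt above (continuation lines joined).
SAMPLE_MAILLOG = """\
Authentication-Warning: herisson.maison: localhost.maison [127.0.0.1] didn't use HELO protocol
ruleset=check_mail, arg1=test@yahoo.com, relay=localhost.maison [127.0.0.1], reject=451 4.1.8 Domain of sender address test@yahoo.com does not resolve
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1]: VRFY root [rejected]
localhost.maison [127.0.0.1]: EXPN root [rejected]
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
localhost.maison [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
mail.example.org [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

# Relay as Sendmail logs it, "hostname [a.b.c.d]", with or without a syslog prefix before it.
RELAY_RE = re.compile(r"([\w.-]+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")
# One entry per kind of trace a probe sequence leaves behind (first match wins).
EVENT_PATTERNS = (
    ("no_helo", re.compile(r"didn't use HELO protocol")),
    ("empty_session", re.compile(r"did not issue MAIL/EXPN/VRFY/ETRN")),
    ("vrfy_expn", re.compile(r": (?:VRFY|EXPN) \S+ \[rejected\]")),
    ("sender_reject", re.compile(r"reject=\d{3} ")),
)

def parse_event(line):
    """Return (relay_ip, event_kind) if the line carries a probe trace, else None."""
    relay = RELAY_RE.search(line)
    if relay is None:
        return None
    for kind, pattern in EVENT_PATTERNS:
        if pattern.search(line):
            return relay.group(2), kind
    return None

def relay_profile(lines):
    """Count each kind of trace per relay IP."""
    profile = defaultdict(Counter)
    for event in filter(None, map(parse_event, lines)):
        profile[event[0]][event[1]] += 1
    return profile

def suspicious_relays(lines, min_empty_sessions=3):
    """Relays with several empty sessions, or VRFY/EXPN probing plus a sender rejection."""
    flagged = []
    for ip, counts in relay_profile(lines).items():
        if (counts["empty_session"] >= min_empty_sessions
                or (counts["vrfy_expn"] and counts["sender_reject"])):
            flagged.append(ip)
    return sorted(flagged)
```

Run it over a real maillog with `suspicious_relays(open("/var/log/maillog"))` and tune `min_empty_sessions` to the noise level of your own MTA.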

In the follow-ups to this article, we look at how to counter two tools of this kind: smtpscan and smtpmap.

