SMTP Probes
Although SMTP probes can be legitimate uses of the network, they can also pose potential risks. They are sometimes used to see whether a bug remains unfixed. Sometimes they are used to try to gather user login names or to feed a program unexpected input in such a way that it breaks and gives away root privilege.
SMTP Debug
An “unfixed
bug” probe can use the SMTP debug
and showq commands. The SMTP
debug command allows the local
sendmail to be placed into debugging mode (as
with the -d command-line switch, Section 16.1) from any other machine anywhere on the
network. The SMTP showq command allows outsiders
to view the contents of the mail queue.
If SMTPDEBUG (SMTPDEBUG) is defined when sendmail is compiled, the SMTP debug and showq commands are allowed to work; otherwise, they are disabled. SMTPDEBUG should be defined only when modifying the sendmail code and testing a new version. It should never be defined in an official release of sendmail. To see whether it has been defined at your site, run the following command:
%telnet localhost 25Trying 123.45.6.7 ... Connected to localhost. Escape character is '^]'. 220 localhost sendmail 8.12 ready at Fri, 13 Dec 2002 06:36:12 -0800debug500 Command unrecognizedquit221 localhost.us.edu closing connection Connection closed by foreign host. %
When connected, enter the command debug. If you
get the answer 500 Command unrecognized, you know
that SMTPDEBUG is not enabled. If, on the other hand, you get the
answer 200 Debug set ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
