Date: Fri, 13 Jun 2003 07:01:11 -0400 (EDT) From: Paul Chvostek <paul+fbsd@it.ca> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Paul Chvostek <paul+fbsd@it.ca> Subject: ports/53277: [maintainer update]: mail/rlytest - Perl script to test for open SMTP relays Message-ID: <200306131101.h5DB1BFS061412@foo.it.ca> Resent-Message-ID: <200306131110.h5DBAGAd051129@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 53277
>Category: ports
>Synopsis: [maintainer update]: mail/rlytest - Perl script to test for open SMTP relays
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 13 04:10:16 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Paul Chvostek
>Release: FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD foo.it.ca 4.7-STABLE FreeBSD 4.7-STABLE #1: Sun Nov 10 01:01:32 EST 2002 paul@foo.it.ca:/usr/src/sys/compile/foo i386
>Description:
Nasty perl dependencies, obsolete dist URL.
>How-To-Repeat:
n/a
>Fix:
diff -2ruN rlytest.old/Makefile rlytest/Makefile
--- rlytest.old/Makefile Tue Mar 18 03:30:45 2003
+++ rlytest/Makefile Fri Jun 13 06:53:32 2003
@@ -14,6 +14,6 @@
EXTRACT_ONLY= # defined
-MAINTAINER= paul@it.ca
-COMMENT= Test an SMTP host for third-party relay
+MAINTAINER= paul+ports@it.ca
+COMMENT= test remote system for unsecured mail relay
USE_PERL5= yes
@@ -24,15 +24,12 @@
pre-patch:
- perl -pe 's,^#!/usr/local/bin/perl$$,#!/usr/bin/perl,' < ${_DISTDIR}${DISTFILES} > ${WRKSRC}/rlytest
+ @${SED} '1s:^#!/usr/local/bin/perl:#!${PERL}:' < ${_DISTDIR}${DISTFILES} > ${WRKSRC}/rlytest
do-build:
- pod2man ${WRKSRC}/rlytest > ${WRKSRC}/rlytest.1
+ @pod2man ${WRKSRC}/rlytest > ${WRKSRC}/rlytest.1
do-install:
- ${INSTALL_SCRIPT} ${WRKSRC}/rlytest ${PREFIX}/bin/
- ${INSTALL_MAN} ${WRKSRC}/rlytest.1 ${PREFIX}/man/man1/
-
-post-install:
- ${CAT} ${PKGMESSAGE}
+ @${INSTALL_SCRIPT} ${WRKSRC}/rlytest ${PREFIX}/bin/
+ @${INSTALL_MAN} ${WRKSRC}/rlytest.1 ${PREFIX}/man/man1/
.include <bsd.port.mk>
diff -2ruN rlytest.old/pkg-descr rlytest/pkg-descr
--- rlytest.old/pkg-descr Mon May 3 01:50:32 1999
+++ rlytest/pkg-descr Fri Jun 13 06:29:54 2003
@@ -7,10 +7,9 @@
menace to the Internet.
-See http://www.unicom.com/sw/#rlytest for mor information.
+See http://www.unicom.com/sw/rlytest for more information.
-rlytest was written by Chip Rosenthal, and is featured at
-http://maps.vix.com/tsi/ and http://www.badrelay.org/.
+pxytest was written by Chip Rosenthal.
-- Paul Chvostek <paul@it.ca>
+- Paul Chvostek <paul+ports@it.ca>
-WWW: http://www.unicom.com/sw/#rlytest
+WWW: http://www.unicom.com/sw/rlytest
diff -2ruN rlytest.old/pkg-message rlytest/pkg-message
--- rlytest.old/pkg-message Mon Jan 25 22:20:56 1999
+++ rlytest/pkg-message Wed Dec 31 19:00:00 1969
@@ -1,18 +0,0 @@
-
-NOTE: If you wish to make easier use of the rlytest program from within
-scripts, you might want to modify the exit codes it uses. Line 122 of
-the script contains the exit code used if the relay was accepted (bad),
-and line 165 contains the exit code used if the relay was rejected
-(good). The original author has expressed a wish that his code not be
-modified automatically in this way by this distribution, but if you wish
-to modify your local copy, you should feel free to do so.
-
-If you just change the "0" line line 122 to a "1", then in shell scripts
-you'll be able to use constructs like:
-
- if /usr/local/bin/rlytest $hostname >/dev/null 2>/dev/null ; then
- echo "$hostname is good"
- else
- echo "$hostname is evil"
- fi
-
diff -2ruN rlytest.old/work/.PLIST.mktmp rlytest/work/.PLIST.mktmp
--- rlytest.old/work/.PLIST.mktmp Wed Dec 31 19:00:00 1969
+++ rlytest/work/.PLIST.mktmp Fri Jun 13 06:40:48 2003
@@ -0,0 +1,4 @@
+man/man1/rlytest.1.gz
+@unexec rm -f %D/man/cat1/rlytest.1 %D/man/cat1/rlytest.1.gz
+bin/rlytest
+@unexec if [ -f %D/info/dir ]; then if sed -e '1,/Menu:/d' %D/info/dir | grep -q '^[*] '; then true; else rm %D/info/dir; fi; fi
diff -2ruN rlytest.old/work/rlytest rlytest/work/rlytest
--- rlytest.old/work/rlytest Wed Dec 31 19:00:00 1969
+++ rlytest/work/rlytest Fri Jun 13 06:40:41 2003
@@ -0,0 +1,379 @@
+#!/usr/bin/perl
+#
+# $Id: rlytest,v 1.22 2001/10/22 22:02:48 chip Exp $
+#
+# $Log: rlytest,v $
+# Revision 1.22 2001/10/22 22:02:48 chip
+# updated message
+#
+# Revision 1.21 2001/10/22 19:57:38 chip
+# updated URLs
+#
+# Revision 1.20 2000/06/21 09:02:09 chip
+# Produce useful diagnostic if socket fails.
+# Thanks to Paul Ewing Jr. <ewing@ima.umn.edu>
+#
+# Revision 1.19 2000/06/11 06:21:49 chip
+# now uses exit status 2 to indicate successful relay submission
+# added $EX_RELAY_ACCEPTED $EX_RELAY_REJECTED $EX_PROGRAM_ERROR
+#
+# Revision 1.18 2000/04/04 08:25:32 chip
+# changed default domain from acme.com to example.com
+#
+# Revision 1.17 1999/08/20 07:11:54 chip
+# moved uid=0 check before calculate_fqdn is called (oof!)
+# thanks to Paul David Fardy <pdf@morgan.ucs.mun.ca> for catching that
+#
+# Revision 1.16 1999/05/25 15:51:57 chip
+# added $Root_check to avoid running as root
+# remove $! from socket creation failure, people were finding it confusing
+#
+#
+# rlytest - test mail host for third-party relay
+# (see POD documentation at end)
+#
+# Chip Rosenthal
+# Unicom Systems Development
+# <chip@unicom.com>
+#
+
+require 5.002;
+use strict;
+use Getopt::Std;
+use IO::Socket; # warning - IO::Socket was an optional add-on prior to 5.004
+use Time::gmtime;
+use vars qw($Usage $Dflt_hostname $Dflt_domain $Root_check %Opts
+ $Target_host $Timeout $Hostname $Username $Comment
+ $Actual_sender $MailFrom_addr $RcptTo_addr $Mssg_body);
+
+$0 =~ s!.*/!!;
+$Usage = "usage: $0 [-f sender_addr] [-u recip_addr] [-c comment] [-t timeout] target_host";
+
+use vars qw($EX_RELAY_ACCEPTED $EX_RELAY_REJECTED $EX_PROGRAM_ERROR);
+$EX_RELAY_REJECTED = 0;
+$EX_RELAY_ACCEPTED = 2;
+$EX_PROGRAM_ERROR = 1;
+
+#
+# Host name configuration - Leave these commented out unless the
+# calculate_fqdn() routine is unable to calculate your FQDN (fully
+# qualified domain name) correctly. You'll know if it fails, because
+# the script will bomb out bitching about the FQDN. If this happens,
+# try setting $Dflt_domain to your domain. Or, if you like, you
+# may hardwire $Dflt_hostname to a particular FQDN.
+#
+### $Dflt_domain = "example.com";
+### $Dflt_hostname = "dopey.example.com";
+
+#
+# This utility does not need to be run as root. In fact, there is
+# a potential problem in doing so. In the "calculate_fqdn" subroutine,
+# one of the ways it tries to obtain the host name is with "hostname -f".
+# While this works on some systems, on others it will attempt to change
+# the local hostname to "-f"!
+#
+$Root_check = 1;
+
+if ($Root_check && $> == 0) {
+ print STDERR q[
+You should not be running this as root!
+Recommend you abort and run as a nonprivileged user.
+Pausing 10 seconds.];
+ foreach $_ (1 .. 10) {
+ print STDERR ".";
+ sleep 1;
+ }
+ print STDERR "\n";
+}
+
+#
+# Unbuffered output.
+#
+autoflush STDOUT 1;
+
+#
+# Crack command line.
+#
+getopts('c:f:t:u:', \%Opts)
+ or die "$Usage";
+die "$Usage\n"
+ unless (@ARGV == 1);
+$Target_host = shift;
+
+#
+# Initialize parameters.
+#
+$Timeout = $Opts{'t'} || 60;
+$Hostname = calculate_fqdn()
+ or die "$0: cannot determine FQDN\n";
+$Username = $ENV{'LOGNAME'} || $ENV{'USER'} || die "$0: LOGNAME undefined\n";
+$Actual_sender = $Username . "\@" . $Hostname;
+$RcptTo_addr = $Opts{'u'} || $Actual_sender;
+$Comment = $Opts{'c'} . "\n"
+ if ($Opts{'c'});
+
+if ($Opts{'f'} ne "") {
+ $MailFrom_addr = $Opts{'f'};
+} elsif ($Target_host =~ /^\d+\.\d+\.\d+\.\d+$/) {
+ $MailFrom_addr = "nobody\@[${Target_host}]";
+} else {
+ $MailFrom_addr = "nobody\@${Target_host}";
+}
+
+#
+# Construct the test message.
+#
+$Mssg_body =
+ "To: $RcptTo_addr\n"
+ . "From: $MailFrom_addr\n"
+ . "Subject: test for susceptibility to third-party mail relay\n"
+ . "Date: " . arpa_date(time()) . "\n"
+ . "Message-Id: <rlytest-" . time() . "-" . $$ . "\@$Hostname>\n"
+ . "Sender: $Actual_sender\n"
+ . qq[
+This message is a test probe, to ensure that your mail server is secured
+against third-party mail relay. This is NOT an attempt to hack or
+crack your system, but just to ensure the system are secured against
+this common vulnerability. This test usually is performed by a system
+administrator who is trying to determine the source of a spam email.
+
+A well-configured mail server should NOT relay third-party email.
+Otherwise, the server is subject to attack and hijack by Internet vandals
+and spammers. For information on how to secure a mail server against
+third-party relay, visit <URL: http://mail-abuse.org/tsi/>.
+
+This probe was generated by the "rlytest" utility. For more information,
+visit <URL: http://www.unicom.com/sw/rlytest/>.
+
+ Target host = $Target_host
+ Test performed by <$Actual_sender>
+
+If you have any concern about this test, please contact the person listed
+in the "test performed by" line above.
+
+${Comment}
+.
+];
+
+#
+# Connect and execute SMTP diaglog.
+#
+print "Connecting to $Target_host ...\n";
+my $sock = IO::Socket::INET->new(
+ Proto => "tcp",
+ PeerAddr => $Target_host,
+ PeerPort => "smtp(25)",
+ Timeout => $Timeout)
+ or die "$0: socket failed: cannot connect to $Target_host: $@\n";
+
+$SIG{'ALRM'} = sub { die "$0: timeout waiting for socket I/O\n"; };
+$sock->autoflush(1);
+read_response($sock);
+write_command($sock, "HELO $Hostname\n");
+write_command($sock, "MAIL FROM:<$MailFrom_addr>\n");
+write_command($sock, "RCPT TO:<$RcptTo_addr>\n");
+write_command($sock, "DATA\n");
+write_command($sock, $Mssg_body, "(message body)\n");
+my $code = write_command($sock, "QUIT\n");
+
+#
+# Dialog successful (which is bad -- that means the relay was accepted).
+#
+warn "$0: relay accepted - final response code $code\n";
+exit($EX_RELAY_ACCEPTED);
+
+
+#
+# usage: write_command($sock, $data_to_send[, $mssg_to_display])
+#
+sub write_command
+{
+ my $sock = shift;
+ my $data = shift;
+ my $mssg = shift || $data;
+ print ">>> $mssg";
+ $data =~ s/\n/\r\n/g;
+ alarm($Timeout);
+ $sock->print($data)
+ or die "$0: socket write failed [$!]\n";
+ alarm(0);
+ return read_response($sock);
+}
+
+
+#
+# usage: $response_code = read_response($sock);
+#
+sub read_response
+{
+ my $sock = shift;
+ my($code, $cont, $mssg);
+
+ do {
+ alarm($Timeout);
+ chop($_ = $sock->getline());
+ alarm(0);
+ ($code, $cont, $mssg) = /(\d\d\d)(.)(.*)/;
+ print "<<< ", $_, "\n";
+ } while ($cont eq "-");
+ return $code
+ if ($code >= 200 && $code < 400);
+
+ alarm($Timeout);
+ $sock->print("QUIT\r\n");
+ alarm(0);
+ warn "$0: relay rejected - final response code $code\n";
+ exit($EX_RELAY_REJECTED);
+}
+
+
+#
+# usage: $hostname = calculate_fqdn();
+#
+sub calculate_fqdn
+{
+ my @trycmds = ("hostname", "hostname -f", "uname -n");
+ my $cmd;
+ my $hostname;
+
+ return $Dflt_hostname
+ if ($Dflt_hostname);
+
+ foreach $cmd (@trycmds) {
+ chop($hostname = `$cmd`);
+ return $hostname
+ if ($hostname =~ /\./);
+ return $hostname . "." . $Dflt_domain
+ if ($hostname && $Dflt_domain);
+ }
+
+ die "$0: cannot determine FQDN - please set \$Dflt_domain or \$Dflt_hostname\n"
+}
+
+
+#
+# usage: $date_header = arpa_date($secs_since_epoch)
+#
+sub arpa_date
+{
+ my $gm = gmtime(shift);
+ my @Day_name = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat");
+ my @Month_name = (
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
+
+ sprintf("%-3s, %02d %-3s %4d %02d:%02d:%02d GMT",
+ $Day_name[$gm->wday],
+ $gm->mday, $Month_name[$gm->mon], 1900+$gm->year,
+ $gm->hour, $gm->min, $gm->sec);
+
+}
+
+
+__END__
+
+=head1 NAME
+
+rlytest - test mail host for third-party relay
+
+=head1 SYNOPSIS
+
+B<rlytest>
+[B<-f> sender_addr]
+[B<-u> recip_addr]
+[B<-c> I<comment>]
+[B<-t> I<timeout>]
+I<target_host>
+
+=head1 DESCRIPTION
+
+The B<rlytest> utility performs a test on I<target_host> to determine
+whether it will relay third-party email. It will try to relay an
+email message to yourself through that host. A host that allows
+third-party relay is subject to attack by Internet vandals, and
+frequently is hijacked by spammers to relay massive amounts of junk
+email. A host that allows third-party relay should be B<immediately>
+secured, disconnected, or shunned as a menace to the Internet.
+
+The following options are available:
+
+=over 4
+
+=item B<-f> I<sender_addr>
+
+Specifies the (C<MAIL FROM>) email address to use on the probe.
+By default, B<rlytest> tries to calculate an email address in the
+target domain. This is to ensure that the host is not using simple
+(and easily defeated) envelope checks for anti-relay protection.
+
+=item B<-u> I<recip_addr>
+
+Specifies the (C<RCPT TO>) email address to use on the probe. By
+default, B<rlytest> tries to calculate your email address and use
+that. A host that is susceptible to relay will deliver a probe
+message to this address.
+
+=item B<-c> I<comment>
+
+Embed I<comment> in the body of the test message. This may
+be useful, for instance, if you are doing some automatic testing
+and want to insert cookies into the messages.
+
+=item B<-t> I<timeout>
+
+Sets the timeout value (default is 60 seconds) for certain
+operations.
+
+=back
+
+If the remote host refused to relay the message, the program
+will terminate with a zero exit status dislay a message to
+I<stderr> similar to:
+
+ rlytest: relay rejected - status code 571
+
+If the message was accepted, the program will terminate with an
+exit status of 2 and display a message to I<stderr> similar to:
+
+ rlytest: relay accepted - status code 221
+
+Any other (non-zero) exit status indicates a program error, such as a
+bad hostname or host not resopnding.
+
+=head1 EXAMPLE
+
+Here is an example, showing a host that refuses third-party relay:
+
+ $ ./rlytest mail.example.dom
+ Connecting to mail.example.dom ...
+ <<< 220 mail.example.dom ready
+ >>> HELO garcon.unicom.com
+ <<< 250 Hello garcon.unicom.com, pleased to meet you
+ >>> MAIL FROM:<nobody@mail.example.dom>
+ <<< 250 <chip@garcon.unicom.com>... Sender ok
+ >>> RCPT TO:<chip@garcon.unicom.com>
+ <<< 550 <chip@garcon.unicom.com>... Relaying Denied
+ rlytest: relay rejected - status code 550
+
+=head1 BUGS
+
+There is no reliable and portable method to determine the local
+host's fully qualified domain name. If the utility bombs out
+complaining about FQDN problems, read the "host name configuration"
+information near the top of the script.
+
+=head1 SEE ALSO
+
+mail(1),
+sendmail(8),
+smtpd(8)
+
+=head1 AUTHOR
+
+ Chip Rosenthal
+ Unicom Systems Development
+ <chip@unicom.com>
+
+ $Id: rlytest,v 1.22 2001/10/22 22:02:48 chip Exp $
+ See http://www.unicom.com/sw/#rlytest for latest version.
+
diff -2ruN rlytest.old/work/rlytest.1 rlytest/work/rlytest.1
--- rlytest.old/work/rlytest.1 Wed Dec 31 19:00:00 1969
+++ rlytest/work/rlytest.1 Fri Jun 13 06:40:41 2003
@@ -0,0 +1,303 @@
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH RLYTEST 1 "perl 5.005, patch 03" "13/Jun/2003" "User Contributed Perl Documentation"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+rlytest \- test mail host for third-party relay
+.SH "SYNOPSIS"
+\fBrlytest\fR
+[\fB\-f\fR sender_addr]
+[\fB\-u\fR recip_addr]
+[\fB\-c\fR \fIcomment\fR]
+[\fB\-t\fR \fItimeout\fR]
+\fItarget_host\fR
+.SH "DESCRIPTION"
+The \fBrlytest\fR utility performs a test on \fItarget_host\fR to determine
+whether it will relay third-party email. It will try to relay an
+email message to yourself through that host. A host that allows
+third-party relay is subject to attack by Internet vandals, and
+frequently is hijacked by spammers to relay massive amounts of junk
+email. A host that allows third-party relay should be \fBimmediately\fR
+secured, disconnected, or shunned as a menace to the Internet.
+.PP
+The following options are available:
+.Ip "\fB\-f\fR \fIsender_addr\fR" 4
+Specifies the (\f(CWMAIL FROM\fR) email address to use on the probe.
+By default, \fBrlytest\fR tries to calculate an email address in the
+target domain. This is to ensure that the host is not using simple
+(and easily defeated) envelope checks for anti-relay protection.
+.Ip "\fB\-u\fR \fIrecip_addr\fR" 4
+Specifies the (\f(CWRCPT TO\fR) email address to use on the probe. By
+default, \fBrlytest\fR tries to calculate your email address and use
+that. A host that is susceptible to relay will deliver a probe
+message to this address.
+.Ip "\fB\-c\fR \fIcomment\fR" 4
+Embed \fIcomment\fR in the body of the test message. This may
+be useful, for instance, if you are doing some automatic testing
+and want to insert cookies into the messages.
+.Ip "\fB\-t\fR \fItimeout\fR" 4
+Sets the timeout value (default is 60 seconds) for certain
+operations.
+.PP
+If the remote host refused to relay the message, the program
+will terminate with a zero exit status dislay a message to
+\fIstderr\fR similar to:
+.PP
+.Vb 1
+\& rlytest: relay rejected - status code 571
+.Ve
+If the message was accepted, the program will terminate with an
+exit status of 2 and display a message to \fIstderr\fR similar to:
+.PP
+.Vb 1
+\& rlytest: relay accepted - status code 221
+.Ve
+Any other (non-zero) exit status indicates a program error, such as a
+bad hostname or host not resopnding.
+.SH "EXAMPLE"
+Here is an example, showing a host that refuses third-party relay:
+.PP
+.Vb 10
+\& $ ./rlytest mail.example.dom
+\& Connecting to mail.example.dom ...
+\& <<< 220 mail.example.dom ready
+\& >>> HELO garcon.unicom.com
+\& <<< 250 Hello garcon.unicom.com, pleased to meet you
+\& >>> MAIL FROM:<nobody@mail.example.dom>
+\& <<< 250 <chip@garcon.unicom.com>... Sender ok
+\& >>> RCPT TO:<chip@garcon.unicom.com>
+\& <<< 550 <chip@garcon.unicom.com>... Relaying Denied
+\& rlytest: relay rejected - status code 550
+.Ve
+.SH "BUGS"
+There is no reliable and portable method to determine the local
+host's fully qualified domain name. If the utility bombs out
+complaining about FQDN problems, read the \*(L"host name configuration\*(R"
+information near the top of the script.
+.SH "SEE ALSO"
+\fImail\fR\|(1),
+\fIsendmail\fR\|(8),
+\fIsmtpd\fR\|(8)
+.SH "AUTHOR"
+.PP
+.Vb 3
+\& Chip Rosenthal
+\& Unicom Systems Development
+\& <chip@unicom.com>
+.Ve
+.Vb 2
+\& $Id: rlytest,v 1.22 2001/10/22 22:02:48 chip Exp $
+\& See http://www.unicom.com/sw/#rlytest for latest version.
+.Ve
+
+.rn }` ''
+.IX Title "RLYTEST 1"
+.IX Name "rlytest - test mail host for third-party relay"
+
+.IX Header "NAME"
+
+.IX Header "SYNOPSIS"
+
+.IX Header "DESCRIPTION"
+
+.IX Item "\fB\-f\fR \fIsender_addr\fR"
+
+.IX Item "\fB\-u\fR \fIrecip_addr\fR"
+
+.IX Item "\fB\-c\fR \fIcomment\fR"
+
+.IX Item "\fB\-t\fR \fItimeout\fR"
+
+.IX Header "EXAMPLE"
+
+.IX Header "BUGS"
+
+.IX Header "SEE ALSO"
+
+.IX Header "AUTHOR"
+
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306131101.h5DB1BFS061412>