poprelayd & sendmail Arbitrary Mail Relay

medium Nessus Plugin ID 11080

Synopsis

An open SMTP relay may be running on the remote host.

Description

Nessus has detected that the remote SMTP server allows relaying for users which were identified by 'POP before SMTP'. The access control mechanism is based on the POP server logs. However, it is possible to poison these logs, which means that any spammer could be using your mail server to send their emails to the world, thus flooding your network bandwidth and possibly getting your mail server blacklisted.

Note that for some SMTP servers, such as Postfix, this plugin will display a false positive.

Solution

Disable poprelayd or upgrade it.

See Also

https://en.wikipedia.org/wiki/Email_spam

https://seclists.org/bugtraq/2001/Jul/64

Plugin Details

Severity: Medium

ID: 11080

File Name: poprelayd_auth.nasl

Version: 1.29

Type: remote

Published: 8/14/2002

Updated: 3/6/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/3/2001

Reference Information

CVE: CVE-2001-1075

BID: 2986