This is the README file for COMRAD version 1.0.

COMRAD - the CAIW Open Mail Relay Automatic Detection system - is a suite
of perl scripts that can be used as the basis of an automated open mail
relay test system.

OVERVIEW
--------

The ortest script tries to connect to the smtp port of the specified ip
address. If a connection can be made, it tries a number of sender /
recipient combinations to see if the smtp server can be used as a relay.
The exit status of ortest indicates its findings:

  0 - a mail server was active but no relay messages were accepted
  1 - a mail server was active and at least one relay message was accepted
  2 - no mail server could be contacted at the specified ip address
  3 - parameter error (not a valid ip address?)

The orrecv script acts as a companion to ortest. Because ortest can
produce false positives (e.g. a mail server accepts the relay message for
delivery but doesn't actually deliver it), relying exclusively on ortest
might not be advisable. The orrecv script normally acts as the recipient
of the relay address specified in ortest (e.g. by specifying
|/path/to/orrecv in the sendmail aliases file) and scans all incoming
messages to see if they were generated by the ortest script. If it finds
one, it will send an alert by email to a configurable address, containing
the offending relay message. This is the only "real" proof that a mail
server acts as a relay.

The orscan script is a wrapper for calling ortest on a range of ip
addresses. Its operation is controlled by two configuration files; one
defines series of ip ranges, the other defines different sets of these
ranges to be scanned in a single run of orscan.

INSTALLATION
------------

The scripts require a reasonably recent perl; furthermore they depend on
a few perl modules:

  - ortest depends on: Socket, Net::SMTP, Digest::MD5
  - orrecv depends on: Digest::MD5, Mail::Mailer
  - orscan depends on: Socket

You will have to edit ortest, orrecv and orscan to change their
configuration to your local needs. All scripts have a configuration
section where you can set the following:

ortest configuration
--------------------

  $verbose   - set to 1 to get loads of debug info on stdout
  $timeout   - timeout (in seconds) for the SMTP connection
  $myuser    - localpart of the email address that will receive any
               relayed messages
  $mydomain  - domain part of the email address that will receive relayed
               messages (i.e. relayed messages will go to
               <$myuser@$mydomain>)
  $mybounce  - localpart of an email address in $mydomain that will
               discard any message sent to it
  $validip   - perl-compatible regex that is used to validate the ip
               address given to ortest. This can be used to restrict
               ortest to only scan ip addresses under your administrative
               control. Set to "." to allow scanning any address
  $relaysubj - subject line of the relay test message
  $relaymsg  - body of the relay message. Put something useful here,
               because the test messages might end up in the mailbox of
               some unsuspecting postmaster. At least indicate the origin
               and a contact address
  @tests     - templates for the sender/recipient combinations that
               ortest will try. You probably don't want to change this
  $md5key    - set this to some random string. This value is used to seed
               a checksum that orrecv uses to validate incoming messages

orrecv configuration
--------------------

  $verbose   - set to 1 to get loads of debug info on stdout (not very
               useful since only your mail system will see the output of
               orrecv)
  $smtphost  - ip address or hostname of the smtp server used for
               outgoing alert messages
  $runfile   - path to a file that will store the checksums of incoming
               relay messages (so one invocation of ortest does not
               result in a flood of alert messages for the same ip
               address)
  $md5key    - set this to the same value that you put in ortest
  %headers   - the mail headers that will be set on all alert messages

orscan configuration
--------------------

  $verbose       - set to 1 to get loads of debug info on stdout
  $ortest        - location of the ortest script
  $rangefile     - location of the orscan.ranges file (the file that
                   contains series of ip ranges)
  $rangesetsfile - location of the orscan.rangesets file (the file that
                   collates ip ranges from the orscan.ranges file to
                   range sets)

USAGE
-----

ortest usage
------------

The commandline syntax for ortest is:

  ortest a.b.c.d [requester]

where a.b.c.d is a valid dotted-decimal ip address and the optional
requester argument is sent along in the relay test emails to identify who
initiated the relay test (if not present, the value of environment
variable LOGNAME is taken; if present but empty, no requester is sent).

The ortest script will at present do the same tests as the orbz.org
webpage describes (http://www.orbz.org/tests.php):

  -> -> <> -> -> -> -> <\"myuser@mydomain\"> -> <\"myuser%mydomain\"> -> -> <\"myuser@mydomain\"@DOMAIN> -> <@DOMAIN:myuser@mydomain> -> -> ->

where DOMAIN is replaced in sequence by [127.0.0.1], [a.b.c.d], localhost,
the fqdn of ip address a.b.c.d and the name with which the remote
mailserver announces itself.

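The $validip setting under "ortest configuration" only restricts scanning as tightly as the regex is written. The following added example (not part of COMRAD) compares a loosely written pattern with an anchored one; it assumes ortest applies the setting as $ip =~ /$validip/, and 192.0.2.0/24 is a constructed stand-in for your own network.

```perl
#!/usr/bin/perl
# Added example, not COMRAD's code. Assumes ortest applies the setting as
# $ip =~ /$validip/; 192.0.2.0/24 is a constructed stand-in for your network.
use strict;
use warnings;

my $octet = '(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)';
my %validip = (
    loose  => '192.0.2.',                       # unanchored, dots unescaped
    strict => '\A192\.0\.2\.' . $octet . '\z',  # anchored, literal dots
);

# Report what a scanner gated by this pattern would do with the address.
sub allowed {
    my ($pattern, $ip) = @_;
    return $ip =~ /$pattern/ ? 'scan' : 'refuse';
}

# Constructed candidates: the first two are inside the network, the rest
# are valid addresses outside it.
my @candidates = qw(192.0.2.10 192.0.2.255 192.0.21.5 192.0.200.1 1.192.0.25);

printf "%-14s %-8s %-8s\n", 'address', 'loose', 'strict';
for my $ip (@candidates) {
    printf "%-14s %-8s %-8s\n", $ip,
        allowed($validip{loose}, $ip), allowed($validip{strict}, $ip);
}
```

The loose pattern lets the three outside addresses through because an unescaped "." matches any character and nothing pins the match to the start or end of the address.
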
orrecv usage
------------

Just put orrecv somewhere on the incoming mailserver for myuser@mydomain
and configure your mailserver so that all mail for myuser@mydomain gets
fed to the stdin of orrecv. Make sure orrecv can connect to the
configured $smtphost to deliver a message to the address specified in
%headers. That's it!

orscan usage
------------

The commandline syntax for orscan is:

  orscan n

where n is the number of the set defined in orscan.rangesets. All the ip
addresses in the ranges listed in set n will be scanned with ortest.

AUTHOR
------

COMRAD was written by Hans Hoppe at CAIW Netwerken BV.

You can obtain a copy of COMRAD at http://www.as15435.net/comrad/
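
The $md5key and $runfile settings described above work together: the shared key lets orrecv tell genuine test messages from look-alikes, and the stored checksums keep one test run from producing a flood of alerts. The following added example (not COMRAD's code) sketches that check; the checksum layout and the X-Relay-Test-* header names are assumptions made for illustration, and an in-memory hash stands in for $runfile.

```perl
#!/usr/bin/perl
# Added example, not COMRAD's code. The checksum layout and the
# X-Relay-Test-* header names are assumptions made for illustration.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my $md5key = 'replace-with-a-random-string';   # same value in ortest and orrecv

# ortest side: checksum over the shared key and the tested address.
sub make_sum {
    my ($ip) = @_;
    return md5_hex("$md5key|$ip");
}

# orrecv side: pull the address and checksum out of a message, recompute,
# and suppress repeats. %$seen stands in for the contents of $runfile.
sub check_message {
    my ($msg, $seen) = @_;
    my ($ip)  = $msg =~ /^X-Relay-Test-IP:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$/m
        or return 'ignore: not a test message';
    my ($sum) = $msg =~ /^X-Relay-Test-Sum:\s*([0-9a-f]{32})\s*$/m
        or return 'ignore: no checksum';
    return 'ignore: checksum mismatch' unless $sum eq make_sum($ip);
    return 'duplicate: already alerted' if $seen->{$sum}++;
    return "alert: $ip relayed a test message";
}

# Constructed messages: a genuine test message, a forgery with a made-up
# checksum, and ordinary mail that happens to reach the same mailbox.
my %seen;
my $good   = "Subject: relay test\nX-Relay-Test-IP: 192.0.2.25\n"
           . "X-Relay-Test-Sum: " . make_sum('192.0.2.25') . "\n\nbody\n";
my $forged = "Subject: relay test\nX-Relay-Test-IP: 192.0.2.25\n"
           . "X-Relay-Test-Sum: " . ('0' x 32) . "\n\nbody\n";
my $other  = "Subject: hello\n\nordinary mail\n";

# The genuine message is fed in twice to show the duplicate suppression.
print check_message($_, \%seen), "\n" for $good, $good, $forged, $other;
```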