October 16th, 2002, 10:06 PM
Script for identifying Spam Relay
A while ago, our network had a problem of mail servers being abused by spammers as relays because email programs such as sendmail were being reactivated by patches or people simply not configuring the mail server properly, and rather than pulling out a sledgehammer (like a commercial vulnerability scanner), I wrote a quick and dirty Perl script to take output from nmap (that was run on just port 25) and then do a few tests on each mail server to make sure it wasn't set up to allow mail relay (I also had it do some others, but I removed those tests before this post, don't wanna send out anything destructive). Regardless, it has largely been responsible for clearing out the spam problems.
It has seen light use by me and seems to work pretty well and is pretty quick and I have found it valuable. Now, before I put out the source, I want to mention some things:
1) This is a Quick and Dirty script, I have spent little time (other than comments) making it fast, efficient, or modular (I do plan on doing this), so there are probably things that if you are a Perl programmer you would do differently.
2) I learned to program in other languages such as C and 'picked up' Perl. Therefore, I chose not to take advantage of some Perl features, almost out of a lack of trust (for example, I will often implicitly define $_, so there is no room for misunderstanding), but more or less I am used to programming in C and make sparing use of Perl features.
3) This is the first time I have tried to do I/O to sockets, so there may be some bugs/inefficiencies there (if you see them, by all means let me know, I like to learn), so keep in mind that the implementation may not be the cleanest in the world.
4) I did look around before writing this and wasn't really satisfied with anything I saw, so sorry if I reinvented the wheel. Also, I have removed some 'dangerous' features of the script because I don't feel right making it public; it is possible that the removal of the features may make the script not work properly.
5) This script is very loud and blatant (on purpose). Don't expect to run it and not be noticed (i.e., you had better have permission because people are going to see you do it).
The script is attached as a text file. Please let me know what you think! If for some reason you use part of the source code, please give credit where credit is due.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
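The workflow the post describes (nmap run against port 25, then a relay test per mail server), as an added Python example; it is not the Perl script attached to the post. The nmap sample is constructed, and the envelope addresses are placeholder assumptions to be replaced with two domains the tested server is not responsible for.

```python
import re
import smtplib
import sys

# Constructed sample of `nmap -p 25 -oG -` output (documentation addresses).
SAMPLE_NMAP = (
    "Host: 192.0.2.10 (mail1.example.com)\tPorts: 25/open/tcp//smtp///\n"
    "Host: 192.0.2.11 ()\tPorts: 25/closed/tcp//smtp///\n"
    "Host: 192.0.2.12 ()\tPorts: 25/filtered/tcp//smtp///\n"
    "Host: 192.0.2.13 (mx.example.com)\tPorts: 25/open/tcp//smtp///\n"
)

def smtp_hosts(grepable):
    """Return addresses whose port 25 is open in nmap grepable output."""
    hosts = []
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*Ports: .*\b25/open/tcp", line)
        if m:
            hosts.append(m.group(1))
    return hosts

def classify(rcpt_code):
    """Map the reply to RCPT TO for a foreign recipient to a verdict."""
    if rcpt_code in (250, 251):
        return "relay-accepted"   # foreign recipient accepted: review config
    if 500 <= rcpt_code <= 599:
        return "refused"          # e.g. 550/554 "relaying denied"
    return "inconclusive"         # 4xx: greylisting or temporary failure

def probe(host, mail_from, rcpt_to, timeout=10):
    """Walk the SMTP envelope up to RCPT TO; DATA is never sent."""
    try:
        with smtplib.SMTP(host, 25, timeout=timeout) as s:
            s.ehlo_or_helo_if_needed()
            code, _ = s.mail(mail_from)
            if code != 250:
                return "inconclusive"
            code, _ = s.rcpt(rcpt_to)
            s.rset()              # drop the envelope, nothing is queued
            return classify(code)
    except (OSError, smtplib.SMTPException):
        return "unreachable"

if __name__ == "__main__":
    # Usage: relaycheck.py scan.gnmap  (servers you administer)
    with open(sys.argv[1]) as fh:
        for host in smtp_hosts(fh.read()):
            # Placeholder envelope: both domains foreign to the server.
            print(host, probe(host, "probe@example.org", "probe@example.net"))
```

A `relay-accepted` verdict means the server took a foreign recipient at RCPT time; some servers accept there and reject later, so confirm against the server's relay configuration before acting on it.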