admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c88b645c8283339851eefd452064140bb06bf607
nuclei-templates/code/linux/audit/smtp-open-relay.yaml
ghost fc254a067f chore: sign templates 🤖
2025-08-29 10:06:03 +00:00

59 lines
2.1 KiB
YAML
Raw Blame History

id: smtp-open-relay
info:
name: Linux SMTP Open Relay Misconfigured
author: songyaeji
severity: high
description: |
Sendmail and Postfix were checked for proper restrictions against unauthorized relay attempts. Improper configurations allowed attackers to abuse the server for spam or denial-of-service (DoS) attacks.
reference:
- https://isms.kisa.or.kr
tags: linux,local,kisa,audit,compliance
self-contained: true
code:
- engine:
- bash
source: |
if ps -ef | grep -v grep | grep -q sendmail; then
if grep -q 'R\$.\* \$#error \$@ 5.7.1 \$: "550 Relaying denied"' /etc/mail/sendmail.cf 2>/dev/null \
|| (test -f /etc/mail/access.db && echo "[INFO] Sendmail access.db exists (relay likely restricted)"); then
echo "[SAFE] Sendmail relay restriction is configured."
else
echo "[VULNERABLE] Sendmail relay restriction is missing."
fi
else
echo "[INFO] Sendmail is not active."
fi
- engine:
- bash
source: |
if systemctl is-active postfix | grep -q running; then
mynetworks=$(grep -E '^\s*mynetworks\s*=' /etc/postfix/main.cf 2>/dev/null)
relay_restrict=$(grep -E '^\s*smtpd_relay_restrictions\s*=.*permit_mynetworks' /etc/postfix/main.cf 2>/dev/null)
reject_unauth=$(grep -E '^\s*smtpd_relay_restrictions\s*=.*reject_unauth_destination' /etc/postfix/main.cf 2>/dev/null)
if [[ -z "$mynetworks" || -z "$relay_restrict" || -z "$reject_unauth" ]]; then
echo "[VULNERABLE] Postfix relay restrictions are missing or misconfigured."
else
echo "[SAFE] Postfix relay restrictions are properly configured."
fi
else
echo "[INFO] Postfix is not active."
fi
matchers:
- type: word
name: sendmail
part: code_1_response
words:
- "[VULNERABLE]"
- type: word
name: postfix
part: code_2_response
words:
- "[VULNERABLE]"
# digest: 490a00463044022007bbf2c607700ae13d4c405a692792e71588ae5ba345fdaf3607a3857d7407c6022078e9830186951fe00d87c820cb91bd2cde6a00a10675cdf22267e85a4a5ccf60:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink