Although SMTP probes can be legitimate uses of the network, they can also pose potential risks. They are sometimes used to see whether a bug remains unfixed. Sometimes they are used to try to gather user login names or to feed a program unexpected input in such a way that it breaks and gives away root privilege.
A “bug” probe can use the SMTP debug and showq commands. The SMTP debug command allows the local sendmail to be placed into debugging mode (as with the -d command-line switch, Section 16.1) from any other machine anywhere on the network. The SMTP showq command allows outsiders to view the contents of the mail queue.
If SMTPDEBUG is defined when sendmail is compiled, the SMTP debug and showq commands are allowed to work; otherwise, they are disabled. SMTPDEBUG should be defined only when modifying the sendmail code and testing a new version. It should never be defined in an official release of sendmail. To see whether it has been defined at your site, run the following command:
    telnet localhost 25
    Trying 126.96.36.199 ...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost sendmail 8.12 ready at Fri, 13 Dec 2002 06:36:12 -0800
    debug
    500 Command unrecognized
    quit
    221 localhost.us.edu closing connection
    Connection closed by foreign host.
    %
When connected, enter the command debug. If you get the answer 500 Command unrecognized, you know that SMTPDEBUG is not enabled. If, on the other hand, you get the 200 Debug set ...
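The manual telnet check can be scripted for routine audits of your own mail hosts. The following is an added example, not code from the original text or from sendmail: it sends debug and maps the reply onto the two outcomes described above. The function names, the localhost port 25 default, and the treatment of any other reply code as "unknown" are assumptions.

```python
import socket

def read_reply(f):
    """Read one SMTP reply; 'NNN-text' lines continue, 'NNN text' ends it."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:                      # EOF or connection closed
            break
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return lines

def classify_debug_reply(lines):
    """Map the reply to the SMTP debug command onto the outcomes in the text."""
    code = lines[-1][:3] if lines else ""
    if code == "500":                     # "500 Command unrecognized"
        return "disabled"                 # SMTPDEBUG was not defined at build time
    if code == "200":                     # "200 Debug set ..."
        return "enabled"                  # SMTPDEBUG is compiled in: rebuild without it
    return "unknown"                      # assumption: other codes are not interpreted

def check_smtpdebug(host="localhost", port=25, timeout=10):
    """Connect to a server you administer, send debug, and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        read_reply(f)                     # discard the 220 greeting
        f.write(b"debug\r\n")
        f.flush()
        verdict = classify_debug_reply(read_reply(f))
        f.write(b"quit\r\n")
        f.flush()
        read_reply(f)                     # 221 closing connection
    return verdict

if __name__ == "__main__":
    print("SMTPDEBUG:", check_smtpdebug())
```
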