Rick Lutowski wrote:
>> mail.jreality.com:
>> Interesting ports on adsl-65-68-229-225.jreality.com (65.68.229.225):
>> PORT STATE SERVICE VERSION
>> 9/tcp open discard?
>> 13/tcp open daytime
>> 25/tcp open smtp Exim smtpd 3.36
>> 37/tcp open time (32 bits)
>> 80/tcp open http Apache httpd 1.3.33 ((Debian GNU/Linux))
>> 98/tcp open linuxconf Linuxconf (Access denied)
>> 110/tcp open pop3 Qpopper pop3d 4.0.5
>> 111/tcp open rpcbind 2 (rpc #100000)
>> 113/tcp open ident OpenBSD identd
>> Device type: general purpose
>> Running: Linux 2.1.X|2.2.X
>> OS details: Linux 2.1.19 - 2.2.25
>> Uptime 2.430 days (since Mon Jan 1 23:13:58 2007)
>> Service Info: Host: www.jreality.com; OS: OpenBSD
>
> Curious as to how you got this list. What command?
>
nmap -A -O mail.jreality.com does this kind of output.
Most of these services on debian are activated by inetd. You can edit
/etc/inetd.conf to remove unnecessary services, then restart inetd.
From the scan, I guess you have or at least had a very old debian system
(probably 2.2 potato). It is worth noting that exim 3.x is not supported
anymore by this list and you should really upgrade to 4.x.
Here is a way to send spam from your server:
telnet mail.jreality.com 25
Trying 65.68.229.225...
Connected to jreality.com.
Escape character is '^]'.
220 www.jreality.com ESMTP Exim 3.36 #1 Thu, 04 Jan 2007 11:12:50 -0600
helo test
250 www.jreality.com Hello mail.eriador.org [85.201.63.39]
mail from:<renaud@???>
250 <renaud@???> is syntactically correct
rcpt to:<nonexistentuser@???>
250 <nonexistentuser@???> is syntactically correct
data
354 Enter message, ending with "." on a line by itself
this is spam
.
250 OK id=1H2W9c-0006p4-00
quit
221 www.jreality.com closing connection
This delivers a bounce to the sender containing the spam message. (my
spam filters destroyed it, but I received it)
2007-01-04 16:44:55 1H2Ulz-0006uX-37 <= <> H=(www.jreality.com)
[65.68.229.225]:4969 I=[209.216.230.19]:25 P=esmtp S=1420
id=E1H2W9g-0006p8-00@www.jreality.com
T="Mail delivery failed: returning message to sender" from <> for
renaud@???
2007-01-04 16:44:55 1H2Ulz-0006uX-37 => blackhole (DATA ACL discarded
recipients): bogus bounce for <renaud@???>.
2007-01-04 16:44:55 1H2Ulz-0006uX-37 Completed
--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
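
The /etc/inetd.conf cleanup suggested in the message above can be checked with a small audit script. This is an added example, not part of the original post; the function names, the allowlist and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit an inetd.conf: list entries that are still enabled and deserve review.
# Assumed names (not from the post): audit_inetd, sample_conf, ALLOWED.

# Services the operator intends to keep (assumption for this example).
ALLOWED="smtp pop3"

# audit_inetd FILE -> prints "service/proto reason" for each enabled entry to review
audit_inetd() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # comments (incl. Debian "#<off>#") and short lines
        {
            svc = $1; proto = $3; server = $6
            if (server == "internal")
                print svc "/" proto " builtin"          # served by inetd itself
            else if (!(svc in ok))
                print svc "/" proto " not-allowlisted"  # external daemon not on the list
        }
    ' "$1"
}

# Constructed sample resembling an old Debian inetd.conf (not the scanned host's file).
sample_conf() {
    cat <<'EOF'
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
discard  stream  tcp  nowait  root    internal
discard  dgram   udp  wait    root    internal
daytime  stream  tcp  nowait  root    internal
time     stream  tcp  nowait  root    internal
#<off># echo  stream  tcp  nowait  root  internal
smtp     stream  tcp  nowait  mail    /usr/sbin/exim exim -bs
pop3     stream  tcp  nowait  root    /usr/sbin/tcpd /usr/sbin/in.qpopper
ident    stream  tcp  wait    identd  /usr/sbin/identd identd
EOF
}

# Run with --demo to audit the constructed sample; otherwise call audit_inetd on a real file.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_conf > "$tmp" && audit_inetd "$tmp"; rm -f "$tmp"
fi
```

Each reported line is a candidate for commenting out in /etc/inetd.conf before restarting inetd.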