The scan report I got for mail relay appears to be false. The result is different when I try to relay from the command line. Below is the report from GVM:
Summary
The remote SMTP server is insufficiently protected against mail relaying.
Detection Result
The scanner was able to relay mails by sending those sequences:
Request: MAIL FROM: openvasvt@nyx
Answer: 250 OK
Request: RCPT TO: openvasvt@example.com
Answer: 250 Accepted
Request: data
Answer: 354 Enter message, ending with “.” on a line by itself
Request: OpenVASVT-Relay-Test
.
Answer: 250 OK id=1kIaO1-004Kpo-Ls
When I try to reproduce this on the command line, I get the following:
telnet mail.xxxxxxxxxxxx.com 587
Trying XXX.185.52.XXX…
Connected to mail.xxxxxxxxxxxx.com.
Escape character is ‘^]’.
220-xxxx4154.xxxxxxx.com ESMTP Exim 4.93 #2 Fri, 18 Sep 2020 12:16:05 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
MAIL FROM: openvasvt@nyx
550 HELO required before MAIL
ehlo haxor@home.com
250-xxxxxxx.xxxxxx.com Hello haxor@home.com [XXX.118.XX.XX]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
MAIL FROM: openvasvt@nyx
250 OK
RCPT TO: openvasvt@example.com
550 SMTP AUTH is required for message submission on port 587
Connection closed by foreign host.
I have performed the scan twice and gotten this false report. Each time I try from the command line, I cannot relay as the server closes the connection immediately after RCPT TO:. Why this discrepancy ? Can GVM be updated to include the entire mail transaction so the mail server version is seen in the report ?