WinGate Forums

[dbdataplus12]

Just when life was good (for about 8 minutes) we started getting complaints from a client Right Next To Down Under that they weren't getting our mail. Turns out zen.spamhaus.org JUST listed us as an open proxy. Below is their trace.

Before anyone suggests it, we can't upgrade our Sendmail right now. We're stuck with it for a while longer and, technically, the primary reason we put Wingate in front of it was because of Wingate's ability to help mask it.

Below is their trace of why we're an Open Proxy -- what can Wingate do to close this hole?


--------------------------------------------------------------------------------64.129.12.79:wg:23: << \377\373\1\377\373\3\377\375\3
64.129.12.79:wg:23: << WinGate>
64.129.12.79:wg:23: >> 69.28.95.131:25\r\n
64.129.12.79:wg:23: >> help njablproxytest\r\n
64.129.12.79:wg:23: << 6
64.129.12.79:wg:23: << 9.28.95.131:25\r\n
64.129.12.79:wg:23: << Connecting to host 69.28.95.131...
64.129.12.79:wg:23: << Connected\r\n
64.129.12.79:wg:23: << 220 rt.njabl.org ESMTP Sendmail 8.13.1/8.13.1; Tue, 14 Aug 2007 12:31:51 -0400\r\n
64.129.12.79:wg:23: << 214-2.0.0 njabl.org proxytest response to 64.129.12.79\r\n
64.129.12.79:wg:23: << 214 2.0.0 End of HELP info\r\n
64.129.12.79 wg:23 open
--------------------------------------------------------------------------------64.129.12.79:wg:23: << \377\373\1\377\373\3\377\375\3
64.129.12.79:wg:23: << WinGate>
64.129.12.79:wg:23: >> 69.28.95.139:25\r\n
64.129.12.79:wg:23: >> help njablproxytest\r\n
64.129.12.79:wg:23: << 6
64.129.12.79:wg:23: << 9.28.95.139:25\r\n
64.129.12.79:wg:23: << Connecting to host 69.28.95.139...
64.129.12.79:wg:23: << Connected\r\n
64.129.12.79:wg:23: << 220 rt5.njabl.org ESMTP Sendmail 8.13.1/8.13.1; Tue, 14 Aug 20
64.129.12.79:wg:23: << 07 11:20:57 -0400\r\n
64.129.12.79:wg:23: << 214-2.0.0 njabl.org proxytest response to 64.129.12.79\r\n
64.129.12.79:wg:23: << 214 2.0.0 End of HELP info\r\n
64.129.12.79 wg:23 open
--------------------------------------------------------------------------------64.129.12.79:fu:21: << 220 WinGate Engine FTP Gateway ready\r\n
64.129.12.79:fu:21: Proxy-agent: WinGate Engine FTP Gateway
64.129.12.79:fu:21: >> USER dummy@209.208.0.16:25\r\n
64.129.12.79:fu:21: >> help njablproxytest\r\n
64.129.12.79:fu:21: << 214-2.0.0 njabl.org proxytest response to 64.129.12.79\r\n
64.129.12.79 fu:21 open
--------------------------------------------------------------------------------

[dbdataplus12]

OK - I got it ... I don't know that telnet/ftp services allowed port redirection

[adrien]

Hi, you definitely don't want to run telnet, pop3, socks, or ftp proxies on external interfaces without requiring some form of auth or other security measures.

Regards

Adrien