poprelayd & sendmail Arbitrary Mail Relay

medium Nessus Plugin ID 11080


An open SMTP relay may be running on the remote host.


Nessus has detected that the remote SMTP server allows relaying for users which were identified by 'POP before SMTP'. The access control mechanism is based on the POP server logs. However, it is possible to poison these logs, which means that any spammer could be using your mail server to send their emails to the world, thus flooding your network bandwidth and possibly getting your mail server blacklisted.

Note that for some SMTP servers, such as Postfix, this plugin will display a false positive.


Disable poprelayd or upgrade it.

See Also



Plugin Details

Severity: Medium

ID: 11080

File Name: poprelayd_auth.nasl

Version: 1.29

Type: remote

Published: 8/14/2002

Updated: 3/6/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 2.2


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N


Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/3/2001

Reference Information

CVE: CVE-2001-1075

BID: 2986