The current set of vulnerablities ORBS checks for is as follows:

classic "wide open relay"

   MAIL FROM:<spambag@fake.domain>
   RCPT TO:<victim@target>
the classic "wide open relay"

sendmail 8.8, double quote

   MAIL FROM:<spambag@fake.domain>
   RCPT TO:<"victim@target"> 
with the "" in there. Sendmail 8.8-specific (although Lotus Notes and other MTAs may exhibit this fault if incorrectly secured). Patch has been available since August 1998 - see the sendmail section of the ORBS fixup page Heavily exploited by spammers.

no < >

   MAIL FROM:<spambag@fake.domain>          
   RCPT TO: victim@target                                                     
no <>, this test is non-RFC821 compliant. Typical failures are MS Exchange and SLmail betas

no domain

    MAIL FROM:<spambag> - no domain, vulnerable machines usually add their local domain 
   RCPT TO:<victim@target>
Typical machines which fail this are Post.Office and Intermail, or improperly setup sendmail 8.8


   MAIL FROM:<spambag@fake.domain>
   RCPT TO:<victim%target@{relay}>
{relay} is tested as [IP.address] IP.address and Heavily exploited by spammers and mailbombers. Most Lotus Notes/Domino installations fail this.
Recently fixed - see /otherresources.cgi Most Novell Groupwise installations fail this no matter what antirelay settings are used. MX (a VMS MTA) will fail this unless the latest version is used. Many badly secured sendmail installations fail this test.
Some cc:mail installations will mailbomb themselves to death with looping mail when this test is carried out. However these are usually the same ones which mailbomb themselves to death with looping mail whenever they receive mail addressed to postmaster@open.relay.


   MAIL FROM:<spambag@fake.domain> 
   RCPT TO:<victim@target@{relay}> 
Variation on the % address routing vulnerability above. not commonly used by spammers (yet).

uupc addressing

   MAIL FROM:<spambag@fake.domain>
   RCPT TO:<target!victim@{relay}>
Mixed UUCP and Internet addressing. Typical failures are Sendmail installations with FEATURE(nouucp) set.


   MAIL FROM:<spambag@fake.domain> 
   RCPT TO:<@{relay}:victim@target>
Another pathing vulnerability attack. Heavily exploited by mailbombers, usually as a multihop attack - RCPT TO:<@{relay1},@{relay2},@{relay3}:victim@target> - however also being used increasingly by spammers.

ORBS does not test the multihop variation.


   MAIL FROM:<fake.domain!spambag>
   RCPT TO:<target!victim>
This is old style UUCP pathing and more commonly used by mailbombers than spammers


   MAIL FROM:<spambag>            
   RCPT TO:<target!victim>

null sender

   MAIL FROM:<> - "NULL sender." 
   RCPT TO:<victim@target>
This envelope must NOT be filtered from local delivery, as it's used for bounce messages, however it must not be allowed to relay.


   MAIL FROM:<spambag@{relay}>
   RCPT TO:<victim@target>
This is the only check most of the online testers actually perform. (This attack used to be the second most common form of spam relaying seen, but is currently rare.)