
[Bug-mailfromd] things with rejecting in 'prog connect'


Hi Sergey, 

I had to start rejecting connections in outgoing mailservers that are known for 'smtp auth abuse', and use this patched function you sent me to check against ($client_addr, "zen.spamhaus.org", "127.0.0.3/32", "127.0.0.4/32"). (PS. I am really pleased with this, because using also the 127.0.0.11 would generate false positives for clients.)

I have two things I don't understand.

1. Why, if I do the reject in "prog connect", is sendmail still continuing with STARTTLS?

Sep 16 08:37:05 sendmail[113072]: 38G6b49M113072: Milter: connect: host=mail4.zhongrenmu.com, addr=172.245.16.226, rejecting commands
Sep 16 08:37:06 sendmail[113072]: STARTTLS=server, relay=mail4.zhongrenmu.com [172.245.16.226] (may be forged), version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256


2. It looks like this matching is not working sometimes. I have my own DNS servers that should cache things, I guess. So how can it be that things are still getting through?

Sep 16 09:56:02 sendmail[223951]: 38G7tulx223951: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, user=xxxxxxxxx, relay=mail4.zhongrenmu.com [172.245.16.226] (may be forged)
Sep 16 09:56:02 sendmail[223951]: 38G7tulx223951: mail4.zhongrenmu.com [172.245.16.226] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA

I have other entries that were rejected around this time:
Sep 16 09:55:59 sendmail[223953]: 38G7twim223953: Milter: connect: host=[41.226.249.14], addr=41.226.249.14, rejecting commands
Sep 16 09:58:11 sendmail[223965]: 38G7wBEQ223965: Milter: connect: host=209-252-170-140.dhcp.imoncommunications.net, addr=209.252.170.140, rejecting commands


Can it be that sendmail is not waiting for the milter to finish?

Best,
Marc


[1]
[@~]# testrbl.sh 172.245.16.226
172.245.16.226
 zen.spamhaus.org 127.0.0.4 "https://www.spamhaus.org/sbl/query/SBLCSS";
"https://www.spamhaus.org/query/ip/172.245.16.226";
 bl.spamcop.net 127.0.0.2 "Blocked - see https://www.spamcop.net/bl.shtml?172.245.16.226";
 dul.rbl-dns.com
 auth.spamrats.com

[@~]# testrbl.sh 41.226.249.14
41.226.249.14
 zen.spamhaus.org 127.0.0.4 "https://www.spamhaus.org/query/ip/41.226.249.14";
"https://www.spamhaus.org/sbl/query/SBLCSS";
 bl.spamcop.net 127.0.0.2 "Blocked - see https://www.spamcop.net/bl.shtml?41.226.249.14";
 dul.rbl-dns.com 127.0.0.3 "Listed in DUL - Dynamic IPs - see https://www.rbl-dns.com/bl?ip=41.226.249.14";
 auth.spamrats.com

[@~]# testrbl.sh 209.252.170.140
209.252.170.140
 zen.spamhaus.org 127.0.0.4 "https://www.spamhaus.org/sbl/query/SBLCSS";
"https://www.spamhaus.org/query/ip/209.252.170.140";
 bl.spamcop.net 127.0.0.2
 dul.rbl-dns.com
 auth.spamrats.com
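As an added illustration of the check described in the post (this is not mailfromd's code, nor the patched function Marc refers to): build the reversed-octet DNSBL query name and accept only answers that fall inside the listed return-code ranges, so a PBL-only answer (127.0.0.11) does not trigger a reject. Real DNS is replaced by a constructed stand-in table (`FAKE_DNS`) so the example runs offline; the function name `dnsbl_check` and the `resolve` parameter are assumptions.

```python
import ipaddress

# Constructed stand-in for the resolver: maps DNSBL query names to the A
# records a lookup would return. Values are made up for this example
# (the two listed hosts mirror the testrbl.sh output above).
FAKE_DNS = {
    "226.16.245.172.zen.spamhaus.org": ["127.0.0.4"],          # XBL-style listing
    "14.249.226.41.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.11"],            # PBL only
}

def fake_resolve(name):
    """Stand-in for a real A lookup; returns [] when the name is not listed."""
    return FAKE_DNS.get(name, [])

def dnsbl_name(ip, zone):
    """Reverse the dotted quad of ip and append the DNSBL zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_check(ip, zone, wanted, resolve=fake_resolve):
    """Return the answer codes that fall inside the wanted CIDR ranges.

    An empty list means "not listed with a code we act on", which is how
    127.0.0.11 (PBL) is deliberately ignored when wanted only names
    127.0.0.3/32 and 127.0.0.4/32, as in the post.
    """
    nets = [ipaddress.ip_network(cidr) for cidr in wanted]
    answers = resolve(dnsbl_name(ip, zone))
    return [a for a in answers
            if any(ipaddress.ip_address(a) in net for net in nets)]

if __name__ == "__main__":
    wanted = ["127.0.0.3/32", "127.0.0.4/32"]
    for ip in ("172.245.16.226", "41.226.249.14", "203.0.113.5", "198.51.100.9"):
        hits = dnsbl_check(ip, "zen.spamhaus.org", wanted)
        print(ip, "reject" if hits else "accept", hits)
```

Swapping `fake_resolve` for a real lookup (for example one built on `socket.gethostbyname_ex`) turns this into a live check; a resolver that times out or returns nothing looks identical to "not listed", which is one reason a listed host can still get through.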