[Mimedefang] interaction between sendmail 'access' check and MdF's milter checks

Gary Funck gary at intrepid.com
Thu Jun 9 22:35:35 EDT 2005



Hello,

We're receiving daily "log watch" logs from a misconfigured system, apparently
hanging off a big ISP.  That system ironically seems to have the same name as
our domain and due to misconfiguration the mail comes in looking more/less
like it came from our system, except of course, the Received line at our
mail demarcation point shows that the mail was sent from the errant system.

We currently implement blacklisting via sendmail's "access.db" file, so I
added the culprit's IP address there.  I've verified that access.db was
rebuilt and that the IP address is listed there:

$ makemap -u hash access.db | grep 1.2.3.4
1.2.3.4   REJECT

I've obfuscated the IP address to protect the guilty.

I know the access list in general is working properly because blacklisted
IP rejections are listed in the mail log file.

However, mail from 1.2.3.4 is still coming in.  Since the from line
lists root at example.com (where example.com is our domain), perhaps that
is causing confusion.  I've verified that root isn't listed as a SPAMFRIEND.

On our system we've enabled FEATURE(`delay_checks', `friend').

So, what I don't get, is why the IP address isn't getting bounced with the
access.db check.  Do milter checks override the access.db mechanism?

Here's what the obfuscated mail log entries look like:

Jun  9 17:05:05 example mimedefang.pl[11128]: RELAY: <1.2.3.4> <c-1.2.3.4.xxx.yyy.example.net>
Jun  9 17:05:05 example mimedefang.pl[11128]: MDLOG,j5A055tX013534,grey_white,0,1.2.3.4,root at example.com,root at example.com,?
Jun  9 17:05:05 example sendmail[13534]: j5A055tX013534: from=<root at example.com>, size=12162, class=0, nrcpts=1, msgid=<200506101102.j5AB246n008680 at example.com>, proto=ESMTP, daemon=MTA, relay=c-1.2.3.4.xxx.yyy.example.net [1.2.3.4]

Above, example.com is our site, and example.net is the ISP that hosts the errant system.

Any ideas what might be going on?
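
Added example (not part of the original post, and not MIMEDefang or sendmail code): a way to cross-check the two things the post compares by hand, the `makemap -u hash access.db` dump and the sendmail `from=`/`relay=` log lines, listing every logged message whose relay IP resolves to a refusing access entry. The function names and sample data are constructed; the lookup tries the full address first and then shorter octet prefixes, and treats `Connect:`-tagged and untagged keys alike as a simplification.

```python
import re

# Access-map right-hand sides that refuse mail: REJECT, ERROR:..., or a 4xx/5xx code.
REFUSE = re.compile(r"^(REJECT\b|ERROR:|[45]\d\d\b)")
IPV4_KEY = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}$")
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=<([^>]*)>.*relay=.*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample data; the first dump entry and first log line mirror the post.
SAMPLE_DUMP = "1.2.3.4\tREJECT\n192.0.2\tERROR:550 no thanks\n198.51.100.7\tOK\n"
SAMPLE_LOG = """\
Jun  9 17:05:05 example sendmail[13534]: j5A055tX013534: from=<root at example.com>, size=12162, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=c-1.2.3.4.xxx.yyy.example.net [1.2.3.4]
Jun  9 17:06:10 example sendmail[13540]: j5A06AtX013540: from=<a@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.org [192.0.2.55]
Jun  9 17:07:00 example sendmail[13541]: j5A070tX013541: from=<b@example.org>, size=800, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=mx.example.org [198.51.100.7]
"""

def access_actions(dump):
    """Map each IPv4 address/prefix key in `makemap -u` output to its action."""
    actions = {}
    for line in dump.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, rhs = parts
        if key.lower().startswith("connect:"):  # tagged key, treated like untagged
            key = key[len("connect:"):]
        if IPV4_KEY.match(key):
            actions[key] = rhs.strip()
    return actions

def lookup(ip, actions):
    """Most specific entry for ip: full address first, then shorter octet prefixes."""
    octets = ip.split(".")
    for n in range(4, 0, -1):
        key = ".".join(octets[:n])
        if key in actions:
            return key, actions[key]
    return None

def logged_from_refused(dump, log):
    """(queue id, sender, relay IP, matching key) per from= line from a refused relay."""
    actions, hits = access_actions(dump), []
    for line in log.splitlines():
        m = FROM_LINE.search(line)
        entry = lookup(m.group(3), actions) if m else None
        if entry and REFUSE.match(entry[1]):
            hits.append((m.group(1), m.group(2), m.group(3), entry[0]))
    return hits

if __name__ == "__main__":
    for hit in logged_from_refused(SAMPLE_DUMP, SAMPLE_LOG):
        print(*hit)
```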
