[Mimedefang] E-mail REJECT problem

Myth Guy mythhtpc at gmail.com
Wed Jul 23 07:09:32 EDT 2008


This specific e-mail is definitely bypassing the REJECT from
mimedefang.  Possible sendmail bug? I'm running sendmail Version
8.14.1

Check the log below.  It clearly shows that the server
165.145.219.109 is rejected by the mimedefang server.

Jul 23 08:24:04 relay sendmail[30003]: m6N6NvCH030003: Milter:
to=<duane at xxx.com>, reject=554 5.7.1 Connection Refused: Relay Server
(165.145.219.109) blacklisted
Jul 23 08:24:05 relay sendmail[30003]: m6N6NvCH030003: lost input
channel from dsl-145-219-109.telkomadsl.co.za [165.145.219.109] to MTA
after rcpt
Jul 23 08:24:05 relay sendmail[30003]: m6N6NvCH030003:
from=<postcards at hallmark.com>, size=0, class=0, nrcpts=1, proto=ESMTP,
daemon=MTA, relay=dsl-145-219-109.telkomadsl.co.za [165.145.219.109]

On the client server side the e-mail was received as can be seen in the log:
SMTP-Relay
time 1216794269 Wed Jul 23 08:24:29 2008 +120
originator postcards at hallmark.com
originator-domain dsl-145-219-109.telkomadsl.co.za
recipient duane at xxx.com
recipient-target U
mta-message-id 1007.16911216794269.xxx.com
message-size 213035
hop-count 0
summary-target U

The piece of code that is doing the actual reject is as follows (it
runs under filter_recipient):
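....
if ($score >= $TotalScoreRBL)
{
    # Log the rejection. Note: $sender, $recipient and $helo are supplied by
    # the SMTP client and are interpolated into the SQL string unescaped.
    $sql = "INSERT INTO maillog
        (remotedate,sender,recipient,msgID,relayID,relayaddr,spamcount,debug)
        VALUES (\"$now\",\"$sender\",\"$recipient\",\"HELO: $helo\",
        \"Hostname: $hostname\",\"$ip\",\"RBL Score: $score\",'REJECT: RBL: ')";
    process_sql();
    # Reject this recipient; sendmail logs it as reject=554 5.7.1.
    return ('REJECT', "Connection Refused: Relay Server ($ip) blacklisted");
}
......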

I get an entry in the database indicating that the e-mail was rejected.

P.S.
The same filter is rejecting other e-mail messages successfully.  It
seems that the specific e-mail is bypassing the sendmail reject=554
5.7.1.




On Wed, Jul 23, 2008 at 12:37 PM, Myth Guy <mythhtpc at gmail.com> wrote:
> Thanks for the reply Paul.  I get what you are saying, but the code I
> posted is not exactly what I use.  I match records from a database
> (and I did not want to post that code since it will complicate
> matters).  The point is that I do match hallmark.com and the REJECT
> command is executed.  The problem is that the REJECT does not seem to
> stop the e-mail.
>
> Doing some further testing...
>
>
>
> On Wed, Jul 23, 2008 at 10:55 AM, Paul Murphy
> <Paul.Murphy at argentadiscovery.com> wrote:
>> Your log extract shows the problem:
>>
>>> Jul 23 09:38:21 relay sendmail[7747]: m6N7cA8O007747:
>>> from=<postcards at hallmark.com>, size=0, class=0, nrcpts=1, proto=ESMTP,
>>> daemon=MTA, relay=11.microlink.zm [193.219.229.11] (may be forged)
>>
>> You check for "hallmark.com" with nothing after the ".com" part:
>>
>>>  if ($sender =~ /hallmark\.com$/) {
>>                 return ('REJECT', "Connection Refused: Relay Server ($ip) blacklisted");
>>
>> The message is coming from "<postcards at hallmark.com>" - it has angle brackets on the sender address, which your test fails to take account of - remove the $ and all should be well unless someone has a domain which contains this string (unlikely).  Alternatively, remove any brackets from the sender address before testing.
>>
>> Best Wishes,
>>
>> Paul.
>>
>>
>>
>> _______________________________________________________________________
>> Argenta Discovery Ltd, 8-9 Spire Green Centre, Harlow, Essex, CM19 5TR
>> Registered in England No. 3671653
>> _______________________________________________________________________
>
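
The sender test discussed in Paul's quoted reply, as an added example that is not part of the original thread or of MIMEDefang: it strips the angle brackets from the envelope sender and compares only the domain part, next to the anchored and unanchored regex tests. The helper names normalize_addr and sender_in_domain and the sample addresses are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: reduce an envelope address as the filter receives it
# (e.g. "<postcards@hallmark.com>") to a bare, lower-cased addr-spec.
sub normalize_addr {
    my ($addr) = @_;
    return '' unless defined $addr;
    $addr =~ s/^\s+|\s+$//g;        # trim surrounding whitespace
    $addr =~ s/^<(.*)>$/$1/s;       # drop one pair of enclosing angle brackets
    return lc $addr;
}

# Hypothetical helper: true if the address's domain is exactly $domain or a
# subdomain of it. Only the domain part is compared, so neither the trailing
# ">" nor a look-alike name that merely contains the string can match.
sub sender_in_domain {
    my ($addr, $domain) = @_;
    my $bare = normalize_addr($addr);
    my $at   = rindex($bare, '@');
    return 0 if $at < 0;            # null sender "<>" or malformed address
    my $host = substr($bare, $at + 1);
    $host =~ s/\.$//;               # tolerate a trailing root dot
    $domain = lc $domain;
    return 1 if $host eq $domain;
    return $host =~ /\.\Q$domain\E$/ ? 1 : 0;
}

# Constructed sample senders (not taken from the thread's logs).
my @samples = (
    '<postcards@hallmark.com>',
    'postcards@hallmark.com',
    '<Postcards@mail.HALLMARK.com>',
    '<x@hallmark.com.example.net>',
    '<x@nothallmark.com>',
    '<>',
);

for my $s (@samples) {
    my $anchored   = ($s =~ /hallmark\.com$/) ? 1 : 0;   # test from the thread
    my $unanchored = ($s =~ /hallmark\.com/)  ? 1 : 0;   # same test without "$"
    my $normalized = sender_in_domain($s, 'hallmark.com');
    printf "%-32s anchored=%d unanchored=%d normalized=%d\n",
        $s, $anchored, $unanchored, $normalized;
}
```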


