[Mimedefang] "<>" problem

Jobst Schmalenbach jobst at barrett.com.au
Mon Aug 30 23:24:53 EDT 2010 

Hi

Lately I see more and more "<>" coming in and getting through, in some cases they are proper return receipts.

Further, some of those spammers actually RESEND after the first rejection of the grey-milter, waiting sometimes 20mins between resends beating my grey-milter setup.

Now I have TWO email addresses, jhs(business) and jobst(mailinglists) and in the mail below the envelope FROM <> ends being replaced by jhs, REALLY strange!

The log below are from my gateway, just redirecting emails as need be (to internal machines).

I filter all email with mime defang and I block ANYTHING coming with an ENVELOPE FROM from our domain, no exception.

This one has gotten through, although the "From: linda at MYDOMAIN.com.au" is within the email but does not exist. BTW, I searched in every log on every machine for "linda" and for "soheart" etc, but this is the only one. Besides the internal servers all have a "sendmail smarthost (the gateway)" setup so they are pretty dumm.



How can I make sure I stop EMPTY envelope addresses but don't kill return receipts?




This thingos produce following header:

!!!  From jhs at internmail.MYDOMAIN.com.au  Tue Aug 31 01:10:32 2010
     Return-Path: <MAILER-DAEMON at MYDOMAIN.com.au>
     Received: from mail.MYDOMAIN.com.au (internmail.MYDOMAIN.com.au [192.168.1.1])
       by internmail.MYDOMAIN.com.au (8.13.8/8.14.1) with ESMTP id o7UFAdCw026283
       for <jobst at internmail.MYDOMAIN.com.au>; Tue, 31 Aug 2010 01:10:39 +1000
     Received: from mail.soheart.com (mail.MYDOMAIN.com.au [150.101.215.42])
       by mail.MYDOMAIN.com.au (8.13.8/8.13.8) with ESMTP id o7UFAWs9031632
       for <jobst at MYDOMAIN.com.au>; Tue, 31 Aug 2010 01:10:38 +1000
     Date: Tue, 31 Aug 2010 01:10:32 +1000
     Message-Id: <201008301510.o7UFAWs9031632 at mail.MYDOMAIN.com.au>
     Received: from host30-148-dynamic.54-79-r.retail.telecomitalia.it (host30-148-dynamic.54-79-r.retail.telecomitalia.it 
     [79.54.148.30]) by mail.soheart.com with SMTP;
        Mon, 30 Aug 2010 10:56:35 -0400
!!!  From: linda at MYDOMAIN.com.au
     To: jobst at MYDOMAIN.com.au
     Subject: Have as much lenghth as you dream!
     X-Greylist: Delayed for 00:15:09 by milter-greylist-3.0a1 (mail.MYDOMAIN.com.au [150.101.215.42]); Tue, 31 Aug 2010 01:10:39 +1000 (EST)
     X-Scanned-By: MIMEDefang 2.63 on 150.101.215.42


Looking at the maillog this is what I see:

     Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter (greylist): init success to negotiate
     Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter (mimedefang): init success to negotiate
     Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter (clamav): init success to negotiate
     Aug 31 01:10:32 mail sendmail[31632]: o7UFAWs9031632: Milter: connect to filters
     Aug 31 01:10:32 mail mimedefang.pl[32400]: filter relay    : <64.88.187.126> <mail.soheart.com> <>
     Aug 31 01:10:32 mail mimedefang.pl[32400]: filter relay    : <64.88.187.126> <mail.soheart.com> <> Continue checking ..... 
     Aug 31 01:10:38 mail mimedefang.pl[10335]: filter sender   : <>, 64.88.187.126, mail.soheart.com, mail.soheart.com
     Aug 31 01:10:38 mail mimedefang.pl[10335]: filter sender   : 64.88.187.126 NOT DOMAIN based, <> IS NOT external domain based, continue checking .... 
     Aug 31 01:10:38 mail milter-greylist: o7UFAWs9031632: addr 64.88.187.126 from <> rcpt <jobst at MYDOMAIN.com.au>: autowhitelisted for 720:00:00
     Aug 31 01:10:38 mail mimedefang.pl[10335]: filter recipient: <jobst at MYDOMAIN.com.au>, <>, 64.88.187.126, mail.soheart.com, <jobst at MYDOMAIN.com.au>, mail.soheart.com, ?, ?, ?
     Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: from=<>, size=385, class=0, nrcpts=1, msgid=<201008301510.o7UFAWs9031632 at mail.MYDOMAIN.com.au>, proto=ESMTP, daemon=MTA, relay=mail.soheart.com [64.88.187.126]
     Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: Milter add: header: X-Greylist: Delayed for 00:15:09 by milter-greylist-3.0a1 (mail.MYDOMAIN.com.au [150.101.215.42]); Tue, 31 Aug 2010 01:10:39 +1000 (EST)
     Aug 31 01:10:39 mail mimedefang.pl[10335]: filter main     : 64.88.187.126 NOT DOMAIN based -> continue checking ..
     Aug 31 01:10:39 mail mimedefang.pl[10335]: MDLOG,o7UFAWs9031632,mail_in,,,<>,<jobst at MYDOMAIN.com.au>,Have as much lenghth as you dream!
     Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: Milter add: header: X-Scanned-By: MIMEDefang 2.63 on 150.101.215.42
     Aug 31 01:10:39 mail sendmail[31632]: o7UFAWs9031632: Milter accept: message
     Aug 31 01:10:39 mail sendmail[31638]: o7UFAWs9031632: to=jobst at internmail.MYDOMAIN.com.au, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30882, relay=internmail.MYDOMAIN.com.au. [192.168.0.1], dsn=2.0.0, stat=Sent (o7UFAdCw026283 Message accepted for delivery)












-- 
Road to hell is paved with NAND gates.

  | |0| |   Jobst Schmalenbach
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

More information about the MIMEDefang mailing list