[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
smtp-policy things / DNS tests
Hello,
With the lattest (2.99.49p9snap5) policy code I get better and
better results from the DNS analysis with less mistakes, but
following surprised me somewhat:
25274r MAIL From:<m3ritam@fenix.eselx.ipl.pt> SIZE=3522 BODY=8BITMIME
25274 -- policy result=-102, msg: <NONE!>
25274w 453-4.7.1 Policy analysis reports DNS error with your source domain.
25274w 453 4.7.1 Please correct your source address and/or the info at the DNS.
The thing is, code queries at first for MX, and that yields
SERVFAIL! If it would have queried for A nevertheless, it
would have gotten it, and perhaps accepted this one.
The smtp-transport agent does "So you got SERVFAIL for MX,
ask for A anyway" routine.
The question is, how helpfull and error tolerant we need to be
at the input analysis ?
On the TEST-DNS-RBL front, it seems to work, but Vixie's pages
are giving me now "Access Denied" ( http://maps.vix.com/rbl/ )
25291# connection from [209.136.134.12] ident: root
25291w 553-mailhost.utu.fi - You are on our reject-IP-address -list, GO AWAY!
25291w 553-If you feel we mistreat you, do contact us.
25291w 553 Ask HELP for our contact information.
25291# remote from [209.136.134.12]
25291# -- policyresult=-1 initial policy msg: Blackholed - see <URL:http://maps.vix.com/cgi-bin/lookup?12.134.136.209>
25291r QUIT
25291w 221 2.0.0 mailhost.utu.fi Out
That "initial policy msg" text is incorrect, though.
The DNS lookup yields:
;; ANSWERS:
12.134.136.209.rbl.maps.vix.com. 300 A 127.0.0.2
12.134.136.209.rbl.maps.vix.com. 300 TXT "Blackholed - see <URL:http://maps.vix.com/cgi-bin/lookup?209.136.134.0>"
which means I have to add code to retrieve the TXT records.
(And to use them too..)
On "hijacked relays" front:
26640# connection from panther.bsc.edu ident: NO-IDENT-SERVICE
26640w 220 mailhost.utu.fi ZMailer Server 2.99.49p9s4 #13 ESMTP+IDENT ready at Sat, 29 Nov 1997 10:52:57 +0200
26640# remote from [137.220.1.6]
26640# -- policyresult=0 initial policy msg: <NONE!>
26640r HELO panther.bsc.edu
26640 -- policy result=0, msg: <NONE!>
26640w 250 mailhost.utu.fi Hello panther.bsc.edu
26640r MAIL From:<money@bucks.com>
26640 -- policy result=-102, msg: <NONE!>
26640w 453-4.7.1 Policy analysis reports DNS error with your source domain.
26640w 453 4.7.1 Please correct your source address and/or the info at the DNS.
26640r QUIT
26640w 221 2.0.0 mailhost.utu.fi Out
I have the default behaviour with "SENDEROKWITHDNS +",
which means soft footines (not having trusted on the
code enough) -- using "SENDEROKWITHDNS -" would yield
instant "553 5.7.1 ..." rejection instead of this
tentative one.
/Matti Aarnio <mea@nic.funet.fi>