[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
smtp-policy things / DNS tests
With the lattest (2.99.49p9snap5) policy code I get better and
better results from the DNS analysis with less mistakes, but
following surprised me somewhat:
25274r MAIL From:<email@example.com> SIZE=3522 BODY=8BITMIME
25274 -- policy result=-102, msg: <NONE!>
25274w 453-4.7.1 Policy analysis reports DNS error with your source domain.
25274w 453 4.7.1 Please correct your source address and/or the info at the DNS.
The thing is, code queries at first for MX, and that yields
SERVFAIL! If it would have queried for A nevertheless, it
would have gotten it, and perhaps accepted this one.
The smtp-transport agent does "So you got SERVFAIL for MX,
ask for A anyway" routine.
The question is, how helpfull and error tolerant we need to be
at the input analysis ?
On the TEST-DNS-RBL front, it seems to work, but Vixie's pages
are giving me now "Access Denied" ( http://maps.vix.com/rbl/ )
25291# connection from [18.104.22.168] ident: root
25291w 553-mailhost.utu.fi - You are on our reject-IP-address -list, GO AWAY!
25291w 553-If you feel we mistreat you, do contact us.
25291w 553 Ask HELP for our contact information.
25291# remote from [22.214.171.124]
25291# -- policyresult=-1 initial policy msg: Blackholed - see <URL:http://maps.vix.com/cgi-bin/lookup?126.96.36.199>
25291w 221 2.0.0 mailhost.utu.fi Out
That "initial policy msg" text is incorrect, though.
The DNS lookup yields:
188.8.131.52.rbl.maps.vix.com. 300 A 127.0.0.2
184.108.40.206.rbl.maps.vix.com. 300 TXT "Blackholed - see <URL:http://maps.vix.com/cgi-bin/lookup?220.127.116.11>"
which means I have to add code to retrieve the TXT records.
(And to use them too..)
On "hijacked relays" front:
26640# connection from panther.bsc.edu ident: NO-IDENT-SERVICE
26640w 220 mailhost.utu.fi ZMailer Server 2.99.49p9s4 #13 ESMTP+IDENT ready at Sat, 29 Nov 1997 10:52:57 +0200
26640# remote from [18.104.22.168]
26640# -- policyresult=0 initial policy msg: <NONE!>
26640r HELO panther.bsc.edu
26640 -- policy result=0, msg: <NONE!>
26640w 250 mailhost.utu.fi Hello panther.bsc.edu
26640r MAIL From:<firstname.lastname@example.org>
26640 -- policy result=-102, msg: <NONE!>
26640w 453-4.7.1 Policy analysis reports DNS error with your source domain.
26640w 453 4.7.1 Please correct your source address and/or the info at the DNS.
26640w 221 2.0.0 mailhost.utu.fi Out
I have the default behaviour with "SENDEROKWITHDNS +",
which means soft footines (not having trusted on the
code enough) -- using "SENDEROKWITHDNS -" would yield
instant "553 5.7.1 ..." rejection instead of this
/Matti Aarnio <email@example.com>