[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: open relay
On Wed, Jun 25, 2003 at 02:16:33PM +0200, Robert Kurjata wrote:
> Previously:
...
> So am I, zmailer 2.99.51 (alas it needs to be that version, cause it
> is a very old system and newer version denies to compile properly
> (everything is too old)) and I got into RBL so the things are getting
> urgent. This is the only test my system failed.
Well, "too old" is only relative. We could (should, IMO) improve
the compilation to be able to compile in your system, too.
ZMailer's basic ideas include capability to function in "ancient"
systems, perhaps not with best possible performance, but at least
somehow.
> My 2.99.55-patch1 seems to be ok. Rejects corectly with "no such user".
>
> Is there anything I can do to prevent being an open relay thus
> removing my system form RBL??
Kludge would be to list the tester's domain in fqdnalias database:
@testrcpt.dom: nobody
thus directing all such traffic to /dev/null -- but that would not
prevent actual abusive relaying...
.. and a while latter I had another idea, see further below.
> For me it seems that there is some issue with thishost ??
Mostly that is due to semantic things deep inside the router script
interpreter, which in its ssift and tsift primitives does strip
double-quotes from around an address -- even when it really should not.
> Matti can you help??
Send me configuration and compilation process printout (logged under
e.g. 'script' utility), and config.log file. Those should give me
pointers about what is biting you.
I will comment a bit further in this trace extract:
> ---- TRACE BELOW -------- READ IF NEEDED :) -----------------------
...
> condquote "robert@yahoo.com"
> address='"robert@yahoo.com"'
> scomparing '^"(.*)"<(.*)$' and 'robert@yahoo.com'
> scomparing '^"(.*)">(.*)$' and 'robert@yahoo.com'
> scomparing '^([\"].*[\"])<(.*)$' and 'robert@yahoo.com'
> scomparing '^([\"].*[\"])>(.*)$' and 'robert@yahoo.com'
> canonicalize '"robert@yahoo.com"'
> dequote "robert@yahoo.com"
> address=robert@yahoo.com
In canon.cf canonicalize() function, there is $(dequote ..) call
line. Comment that away. Unfortunately it isn't enough, as you can
see above, `` ssift "$address" in '' will internally strip paired
outer quotes, which is BAD THING in this case!
Hmm.. Ah, lets hack: Rewrite the beginning of the canonicalize() as:
canonicalize (address) {
# address="$(dequote -- "$address"))"
ssift "$address" in
(.*) # This will ALWAYS match any input
if [ "$address" != "\1" ] ; then
# Inside and outside ssift the value changed,
# most likely due to double-quotes around it!
# Return it as it is.
echo -- "$address"
return
fi
;;
tfiss
.... rest of the canonicalize() function
}
> scomparing '^(/.+)@(.+)$' and 'robert@yahoo.com'
> scomparing '^((\|.+)|(/.+)|(:include:.+))$' and 'robert@yahoo.com'
> tcomparing '^((<>)|(:;))$' and 'robert@yahoo.com'
> tcomparing '^(.*)<@(.*)>(.*)$' and 'robert@yahoo.com'
> tcomparing '^(@.+),(.+)$' and 'robert@yahoo.com'
> tcomparing '^(@.+):(.+:.+)$' and 'robert@yahoo.com'
> tcomparing '^@([^,:]+)([,:].+)$' and 'robert@yahoo.com'
> tcomparing '^(.*)::(.*)$' and 'robert@yahoo.com'
> tcomparing '^(.*)@([^@]*.uucp)$' and 'robert@yahoo.com'
> tcomparing '^(.*)@([^@]*)$' and 'robert@yahoo.com'
> tmatched '^(.*)@([^@]*)$' and 'robert@yahoo.com'
.....
> --
> Greetings,
> Robert mailto:rkurjata@ire.pw.edu.pl
--
/Matti Aarnio <mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi
- Follow-Ups:
- Re: open relay
- From: Robert Kurjata <rkurjata@ire.pw.edu.pl> (Wed, 25 Jun 2003 20:01:52 +0300)