[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: open relay
Witaj Matti,
W Twoim liście datowanym 26 czerwca 2003 (10:08:53) można przeczytać:
MA> On Thu, Jun 26, 2003 at 09:20:59AM +0200, Robert Kurjata wrote:
>> Witaj Matti,
>> W Twoim liście datowanym 25 czerwca 2003 (19:51:37) można przeczytać:
>> MA> On Wed, Jun 25, 2003 at 07:00:40PM +0200, Robert Kurjata wrote:
>> >> Cytowanie Matti Aarnio <mea@nic.funet.fi>:
>> >> It is old. kernel 2.0.35 (1999 y.), gcc 2.7.2.1 :)
>>
>> MA> That does not matter, I did have similar box way back..
>> MA> I don't have it at hand anymore.
>>
>> >> [Cut out a part]
>> MA> ...
>> >> So it works, but: Zmailer is treating this as a local address and
>> >> send bounce mail back which may be abused too. He still accepts mail
>> >> (250 OK).
>> >> Shouldn't he check it differently?? eg. returning
>> >> Relaying Denied or User Unknown
>>
>> MA> That is generic problem in case of disjoint smtp receiver vs. routing.
>> MA> Running fully interactive testing routing could be used to solve
>> MA> the question, but it is rather heavy-handed approach.
>>
>> I know. This one machine is rather light loaded, so it would not be
>> the problem about load. But is it possible to do it that way.
MA> It should be possible. Lets see.. At the end of aliases.cf file
MA> ( $MAILSHARE/cf/aliases.cf ) I have currently following script:
MA> --------------------------------
MA> #
MA> # Problem below is that '$(homedirectory )' function can't quite
MA> # be overridden in virtual-ISP mode, where "/etc/passwd" isn't
MA> # the real account database...
MA> #
MA> if [ -z "$ROUTEUSER_IN_ABNORMAL_UNIX" ] ; then
MA> # Ending case: If not POBOX, nor homedirectory defined, then
MA> # fall to "error" case below.
MA> case "${hashomedir}x$POBOX" in
MA> 1x) db add expansions "$key" local
MA> if [ -z "$localdoesdomain" ]; then
MA> domain=""
MA> fi
MA> quad=($chan "$host" "$user$plustail$domain" $attr)
MA> returns (($quad))
MA> ;;
MA> esac
MA> else
MA> # Ending case: If not POBOX, then fall to "error" case below.
MA> case "x$POBOX" in
MA> x) db add expansions "$key" local
MA> if [ -z "$localdoesdomain" ]; then
MA> domain=""
MA> fi
MA> quad=($chan "$host" "$user$plustail$domain" $attr)
MA> returns (($quad))
MA> ;;
MA> esac
MA> fi
MA> returns (((error nosuchuser "$user$plustail$domain" $attr)))
MA> }
MA> --------------------------------
MA> Weeding that our a bit, not defining (or defining empty value)
MA> for ZENV variable ROUTEUSER_IN_ABNORMAL_UNIX= does return
MA> processed address quad, if user has a home-directory.
MA> (Also, no POBOX mechanism is used..)
MA> If user does not have a home directory, an 'error' channel result
MA> is returned.
MA> After adding that, what is also needed is activation of interactive router
MA> in the smtpserver (several places to edit), at smtpserver.conf:
MA> a) PARAM enable-router (uncomment it)
MA> b) Add characters "f" and "t" to the "style-flags" at the end
MA> of the of the file; e.g.:
MA> * 999 veR --> * 999 ftveR
MA> there are possibly other patterns in there, too.
I will chceck it later (machine is on leased 128kbit line so it is
stressing to work during the workday :)
But looks promising .....
Thx.
MA> ...
>> MA> Now did you ? Into which blacklist ? I do think your case was due to
>> MA> ssift/tsift stripping double-quotes from around localpart addresses
>> MA> in canonicalize() function.
>>
>> There were really 2 issues. I got on the blacklist because of those
>> bounces and someone got nervous (just not reading what he got),
>> mail-abuse.org checked my host and figured out that in one test
>> the host accepted relay mail.
>> So the second issue was stripping double quotes with which you
>> succesfully helped. Now I'm trying to get off the blacklist :)
>>
>> >> What do you think about it?
>>
>> MA> (... presuming that really is about "forced bounces" ...)
>>
>> MA> That whoever thought up that kind of listings should check
>> MA> their head. All firewalled sites with frontend MTA doing
>> MA> inbound relaying without actual inside knowledge would then
>> MA> be blacklisted... Pick any site having multiple MX servers,
>> MA> which never accepts email direct from the world, but gets
>> MA> feed from ISP's backup MX MTA.
>>
>> We will see now. I'm trying to get off the list. Even I, still not
>> having full checking, won't pass their test #24. (But this time they
>> souldn't get mail only the bounce)
MA> I sure hope they want to see through going email, and not merely bounces,
MA> or (worse), partial results from poorly thought up tests.
We'll see :)
>> >> Robert Kurjata mailto:rkurjata@ire.pw.edu.pl
>> --
>> Pozdrowienia,
>> Robert mailto:rkurjata@ire.pw.edu.pl
--
Pozdrowienia,
Robert mailto:rkurjata@ire.pw.edu.pl
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi