Re: user@[x.x.x.x] reject policy: how?
On Tue, 18 May 1999, Enrique Vadillo wrote:
> Hi,
>
> I am using ZMailer 2.99.50-s5 on Sparc Solaris 2.6 and I would like to
> reject mails from "user@[x.x.x.x]" or alike, my ZMailer server is relaying
> mails from anywhere/anyone who sends "MAIL FROM: <user@[x.x.x.x]>"
> when x.x.x.x is the IP of my ZMailer server..
>
> Beyond that, I want to reject ALWAYS mails from whatever@[n.n.n.n], I don't
> want to relay mails sent that way even if they come from authorized hosts.
>
> My policy works OK for domain NAMES, but not with this "user@[x.x.x.x]"
> format.
>
########## this may apply only if you are running 2.99.50-s5 #############
This one was just a miserable one ( user@[x.x.x.x] ) and it's what kept
triggering ORBS db inclusion for our site until I hacked out a quick/dirty
patch.
Short of upgrading (since some sites and/or architectures may have
other troubles with recent versions), I hacked out a "HORRIBLE" kludge
to trap this one.
PLEASE NOTE this is NOT good programming practice, but only a quick and
dirty and very localised fix for version 2.99.50-s5 to curb this
particular problem. It will also be very host specific - if you have
multiple machines running smtpserver, each one will need its own
custom hack:
# diff -u policytest.c-old policytest.c
--- policytest.c-old Sat May 29 11:53:23 1999
+++ policytest.c Sat May 29 11:54:25 1999
@@ -1041,6 +1041,15 @@
state->sender_freeze = 0;
state->sender_norelay = 0;
+ /* LOCAL DIRTY KLUDGE to fight off spammers/ORBS - May 29/1999 */
+
+ if (strstr(str,"[x.x.x.x]")) {
+ state->sender_norelay = 1;
+ state->sender_reject = 1;
+ return -1;
+ }
+
+
if (state->always_reject)
return -1;
if (state->always_freeze)
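Review bot: the added `strstr(str,"[x.x.x.x]")` test is an unanchored substring match, so it fires on any `str` that contains the bracketed literal anywhere, not only when the literal is the domain part; comparing only the text after the last `@` would scope it to the domain. The address is compiled in, so every smtpserver host needs its own build, and only that one literal is caught: a second interface address on the same host, or the general `whatever@[n.n.n.n]` case asked about in the quoted question, still passes. Because the block returns -1 ahead of the `always_reject` and `always_freeze` checks, it takes precedence over both for matching input; a comment saying so, and that the kludge should be dropped on upgrade, would help the next maintainer.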
Make sure you substitute [x.x.x.x] above with the IP address of your
zmailer host and recompile. (horrible, just horrible I know).
Newer zmailer versions have this fixed, but in my case I didn't
want to be forced to upgrade due to other customisations I have in place,
so play with this modification at your own risk.
ORBS is truly perverse about this, but I am now much more aware of
the spamming tricks used, so in a sense, I'm reluctantly grateful to it.
There are about 12 tests that ORBS cycles through (see attached
smtpserver log for ugly details). My modified 2.99.50-s5 zmailer now
successfully traps them all - usually right in the SMTP transaction,
but there was at least 1 of them which traps later on in post processing
and sends out a bounce message.
A modification to rrouter.cf was also needed (JUST IN 2.99.50-s5)
to trap 2 nasty RCPT TO: forms - I didn't have an original rrouter.cf
to do a diff, so this is just what I have in there now. I added a
tsift section at the beginning of the rrouter routine:
....
rrouter (address, origaddr, A, plustail, domain) {
        local tmp tee didhostexpand priv nattr a
#       local seenuucp seenbitnet
#       seenuucp=false
#       seenbitnet=false
        didhostexpand="";
#       echo "rrouter: address=$address, origaddr=$origaddr" >> /dev/tty
        tsift "$origaddr" in
        # deal with "percent redirect"
        (.*)%(.*)@(.*)
                return (((error percent-redirect "$origaddr" $A))) ;;
        # deal with "colon pathing"
        @(.*),@(.*):(.*)@(.*)
                return (((error colon-pathing "$origaddr" $A))) ;;
        tfist
....
The 2 errors ( percent-redirect and colon-pathing ) are merely new files
in the zmailer forms/ tree, and are just copies of the bounce file
(you could just as easily substitute bounce here if you wish instead of
separating them).
Cheers,
--
James S. MacKinnon Office: P-139 Avadh-Bhatia Physics Lab
Team Physics Voice : (780) 492-8226 [old AC 403]
University of Alberta email : Jim.MacKinnon@Phys.UAlberta.CA
Edmonton, Canada T6G 2N5 WWW : http://www.phys.ualberta.ca/
5470# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
5470w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:22:52 -0600
5470# remote from [202.36.148.5]:30987
5470# -- policyresult=0 initial policy msg: <NONE!>
5470r HELO relaytest.orbs.org
5470w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
5470r MAIL FROM: <sender@orbs.org>
5470w 250 2.1.0 Sender syntax Ok
5470r RCPT TO: <orbs-relaytest@manawatu.co.nz>
5470# -- policy result=-103, msg: <NONE!>
5470w 453-4.7.1 This target address is not our MX service
5470w 453-4.7.1 client, nor you are connecting from address
5470w 453-4.7.1 that is allowed to openly use us to relay
5470w 453-4.7.1 to any arbitary address thru us.
5470w 453 4.7.1 We don't accept this recipient.
5470# Session closed w/o QUIT
5475# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
5475w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:24:55 -0600
5475# remote from [202.36.148.5]:48139
5475# -- policyresult=0 initial policy msg: <NONE!>
5475r HELO relaytest.orbs.org
5475w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
5475r MAIL FROM: <sender>
5475w 501-5.5.2 ^
5475w 501 5.5.2 Path data: Missing "@" from mailbox definition
5475# Session closed w/o QUIT
5707# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
5707w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:26:59 -0600
5707# remote from [202.36.148.5]:3852
5707# -- policyresult=0 initial policy msg: <NONE!>
5707r HELO relaytest.orbs.org
5707w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
5707r MAIL FROM: <sender@orbs.org>
5707w 250 2.1.0 Sender syntax Ok
5707r RCPT TO:<orbs-relaytest%manawatu.co.nz@[129.128.7.238]>
5707# -- policy result=-1, msg: <NONE!>
5707w 553 5.7.1 Policy rejection on the target address
5707# Session closed w/o QUIT
5716# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
5716w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:29:06 -0600
5716# remote from [202.36.148.5]:19724
5716# -- policyresult=0 initial policy msg: <NONE!>
5716r HELO relaytest.orbs.org
5716w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
5716r MAIL FROM: <sender@orbs.org>
5716w 250 2.1.0 Sender syntax Ok
5716r RCPT TO:<orbs-relaytest%manawatu.co.nz@relay.phys.ualberta.ca>
5716w 250 2.1.5 Recipient address syntax Ok
5716r DATA
5716w 354 Start mail input; end with <CRLF>.<CRLF>
5716w 250 2.6.0 S.rHvBY88155 message accepted
5716# S.rHvBY88155: 969 bytes
5716r QUIT
5716w 221 2.0.0 relay.phys.ualberta.ca Out
5957# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
5957w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:31:10 -0600
5957# remote from [202.36.148.5]:42764
5957# -- policyresult=0 initial policy msg: <NONE!>
5957r HELO relaytest.orbs.org
5957w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
5957r MAIL FROM: <sender@orbs.org>
5957w 250 2.1.0 Sender syntax Ok
5957r RCPT TO:<@[129.128.7.238]:orbs-relaytest@manawatu.co.nz>
5957# -- policy result=-103, msg: <NONE!>
5957w 453-4.7.1 This target address is not our MX service
5957w 453-4.7.1 client, nor you are connecting from address
5957w 453-4.7.1 that is allowed to openly use us to relay
5957w 453-4.7.1 to any arbitary address thru us.
5957w 453 4.7.1 We don't accept this recipient.
5957# Session closed w/o QUIT
5959# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
5959w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:33:13 -0600
5959# remote from [202.36.148.5]:63500
5959# -- policyresult=0 initial policy msg: <NONE!>
5959r HELO relaytest.orbs.org
5959w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
5959r MAIL FROM: <sender@orbs.org>
5959w 250 2.1.0 Sender syntax Ok
5959r RCPT TO:<@relay.phys.ualberta.ca:orbs-relaytest@manawatu.co.nz>
5959# -- policy result=-103, msg: <NONE!>
5959w 453-4.7.1 This target address is not our MX service
5959w 453-4.7.1 client, nor you are connecting from address
5959w 453-4.7.1 that is allowed to openly use us to relay
5959w 453-4.7.1 to any arbitary address thru us.
5959w 453 4.7.1 We don't accept this recipient.
5959# Session closed w/o QUIT
6145# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
6145w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:35:17 -0600
6145# remote from [202.36.148.5]:21773
6145# -- policyresult=0 initial policy msg: <NONE!>
6145r HELO relaytest.orbs.org
6145w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
6145r MAIL FROM: <orbs.org!sender>
6145w 501-5.5.2 ^
6145w 501 5.5.2 Path data: Missing "@" from mailbox definition
6145# Session closed w/o QUIT
6203# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
6203w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:37:21 -0600
6203# remote from [202.36.148.5]:41741
6203# -- policyresult=0 initial policy msg: <NONE!>
6203r HELO relaytest.orbs.org
6203w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
6203r MAIL FROM: <sender>
6203w 501-5.5.2 ^
6203w 501 5.5.2 Path data: Missing "@" from mailbox definition
6203# Session closed w/o QUIT
6204# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
6204w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:39:24 -0600
6204# remote from [202.36.148.5]:60941
6204# -- policyresult=0 initial policy msg: <NONE!>
6204r HELO relaytest.orbs.org
6204w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
6204r MAIL FROM: <>
6204w 250 2.1.0 Sender syntax Ok
6204r RCPT TO: <orbs-relaytest@manawatu.co.nz>
6204# -- policy result=-103, msg: <NONE!>
6204w 453-4.7.1 This target address is not our MX service
6204w 453-4.7.1 client, nor you are connecting from address
6204w 453-4.7.1 that is allowed to openly use us to relay
6204w 453-4.7.1 to any arbitary address thru us.
6204w 453 4.7.1 We don't accept this recipient.
6204# Session closed w/o QUIT
6437# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
6437w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:41:30 -0600
6437# remote from [202.36.148.5]:17166
6437# -- policyresult=0 initial policy msg: <NONE!>
6437r HELO relaytest.orbs.org
6437w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
6437r MAIL FROM: <sender@129.128.7.238>
6437w 501-5.5.2 ^
6437w 501 5.5.2 Path data: Should this be of <dotnum> format ? ( [nn.nn.nn.nn] )
6437# Session closed w/o QUIT
6442# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
6442w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:43:33 -0600
6442# remote from [202.36.148.5]:36366
6442# -- policyresult=0 initial policy msg: <NONE!>
6442r HELO relaytest.orbs.org
6442w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
6442r MAIL FROM: <sender@[129.128.7.238]>
6442# -- policy result=-1, msg: <NONE!>
6442w 553-5.7.1 Access denied by the policy analysis functions.
6442w 553-5.7.1 This may be due to your source IP address,
6442w 553-5.7.1 the IP reversal domain, the data you gave for
6442w 553-5.7.1 the HELO/EHLO parameter, or address/domain you
6442w 553 5.7.1 gave at the MAIL FROM:<...> address.
6442# Session closed w/o QUIT
6637# connection from wwwhost.manawatu.net.nz ipcnt 1 ident: OrbsNtst
6637w 220 relay.phys.ualberta.ca ZMailer Server 2.99.50-s5 #6 ESMTP+IDENT ready at Sat, 29 May 1999 03:45:38 -0600
6637# remote from [202.36.148.5]:51726
6637# -- policyresult=0 initial policy msg: <NONE!>
6637r HELO relaytest.orbs.org
6637w 250 relay.phys.ualberta.ca expected "HELO wwwhost.manawatu.net.nz"
6637r MAIL FROM: <sender@relay.phys.ualberta.ca>
6637w 250 2.1.0 Sender syntax Ok
6637r RCPT TO: <orbs-relaytest@manawatu.co.nz>
6637# -- policy result=-103, msg: <NONE!>
6637w 453-4.7.1 This target address is not our MX service
6637w 453-4.7.1 client, nor you are connecting from address
6637w 453-4.7.1 that is allowed to openly use us to relay
6637w 453-4.7.1 to any arbitary address thru us.
6637w 453 4.7.1 We don't accept this recipient.
6637# Session closed w/o QUIT
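
An added example, not part of the original message: a small Python audit of the smtpserver log format attached above, flagging the relay-probe address forms discussed in this thread and whether each was refused during the SMTP dialogue or accepted and queued. `SAMPLE` holds lines excerpted from that log; `audit`, `FORMS` and the form names are chosen for this example.

```python
import re
# Lines excerpted from the smtpserver log above: <pid><r|w|#> <text>
SAMPLE = """\
5707r RCPT TO:<orbs-relaytest%manawatu.co.nz@[129.128.7.238]>
5707w 553 5.7.1 Policy rejection on the target address
5716r RCPT TO:<orbs-relaytest%manawatu.co.nz@relay.phys.ualberta.ca>
5716w 250 2.1.5 Recipient address syntax Ok
5716r DATA
5716w 354 Start mail input; end with <CRLF>.<CRLF>
5716w 250 2.6.0 S.rHvBY88155 message accepted
5957r RCPT TO:<@[129.128.7.238]:orbs-relaytest@manawatu.co.nz>
5957w 453-4.7.1 This target address is not our MX service
5957w 453 4.7.1 We don't accept this recipient.
6442r MAIL FROM: <sender@[129.128.7.238]>
6442w 553 5.7.1 gave at the MAIL FROM:<...> address.
"""

LINE = re.compile(r"^(\d+)([rw#]) (.*)$")
CMD = re.compile(r"^(MAIL FROM|RCPT TO):\s*<(.*)>", re.I)
FINAL = re.compile(r"^\d{3} ")  # "453-..." continuation lines do not match
FORMS = {  # address shapes the relay probes use
    "source-route": re.compile(r"^@[^:]+:"),         # <@relay:user@dest>
    "percent-hack": re.compile(r"%[^@]*@"),          # <user%dest@relay>
    "bang-path": re.compile(r"!"),                   # <dest!user>
    "address-literal": re.compile(r"@\[[\d.]+\]$"),  # <user@[n.n.n.n]>
}

def audit(log):
    """Rows of (pid, command, address, forms, reply code, queued) for flagged addresses."""
    pending, findings, accepted = {}, [], set()
    for m in filter(None, map(LINE.match, log.splitlines())):
        pid, kind, text = m.groups()
        if kind == "r":  # client command: remember it until the server's final reply
            c = CMD.match(text)
            pending[pid] = (c.group(1).upper(), c.group(2)) if c else (text.upper(), "")
        elif kind == "w" and pid in pending and FINAL.match(text):
            (cmd, addr), code = pending[pid], int(text[:3])
            forms = [name for name, rx in FORMS.items() if rx.search(addr)]
            if forms:
                findings.append((pid, cmd, addr, forms, code))
            if cmd == "DATA" and code == 250:
                accepted.add(pid)
            if code != 354:  # 354 is intermediate; the final DATA reply follows
                del pending[pid]
    # queued: the flagged address got 2xx and the session's DATA was accepted
    return [f + (f[4] // 100 == 2 and f[0] in accepted,) for f in findings]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On these lines only session 5716 reports queued as true: its percent-form recipient passed the SMTP-time check and the message was accepted, so it can only be stopped after the SMTP dialogue has ended.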