smtp client not taking the hint



Hi,

We're running ZMailer 2.99.50-s19. Our backup MX (which we don't
control) is running ZMailer 2.99.51.

The other day we started blocking mail from four Argentinian envelope
sender domains after mass subscribe attempts (they sent a 'lists' command,
then several days later tried to subscribe 4-5 addresses to every list).
We control our smtp-policy.spam file mostly manually, since the ones
the default policy-builder.sh uses are occasionally overzealous (blocking
entire ISP domains instead of just one address).

Today our smtpserver logfile started getting huge because the spammers
switched to a retarded mailserver which tried to send the messages, over
and over again, 14 times per second!

We dropped the route to that host so they started going through our backup
MX, which accepted them. It's now trying over and over again to relay them
to us (fortunately, a factor of 1000 less often than the spammer's relay),
even though smtpserver responds with a 5xx error code. I'm not sure, but
isn't a 5xx error code a permanent failure?

This seems to be a problem with many versions of the smtp client - if one
host has stricter spam restrictions than its backup MX (e.g., we use RBL
and our backup does not), the backup keeps retrying the mail for three
days.

Example transaction:

15491#  connection from borg ipcnt 1 childs 6 ident: root
15491w  220 halifax.chebucto.ns.ca ZMailer Server 2.99.50-s19 #1 ESMTP+IDENT ready at Tue, 14 Sep 1999 23:35:58 -0300
15491#  remote from [129.173.66.61]:57269
15491r  EHLO borg
15491w  250-halifax.chebucto.ns.ca Hello borg
15491w  250-SIZE 4000000
15491w  250-8BITMIME
15491w  250-PIPELINING
15491w  250-CHUNKING
15491w  250-ENHANCEDSTATUSCODES
15491w  250-DSN
15491w  250-X-RCPTLIMIT 10000
15491w  250-ETRN
15491w  250 HELP
15491r  MAIL From:<juanpablocorvalan@hmrsys.com.ar> BODY=8BITMIME SIZE=668
15491#  -- policy result=-1, msg: You are not liked source for email
15491w  453-4.7.1 Policy analysis reported:
15491w  453 4.7.1 You are not liked source for email
15491#  -- pipeline input exists 767 bytes
15491r  RCPT To:<majordomo@chebucto.ns.ca> ORCPT=rfc822;majordomo@chebucto.ns.ca
15491w  553-5.7.1 Access denied by the policy analysis functions.
15491w  553-5.7.1 This may be due to your source IP address,
15491w  553-5.7.1 the IP reversal domain, the data you gave for
15491w  553-5.7.1 the HELO/EHLO parameter, or address/domain
15491w  553 5.7.1 you gave at the MAIL FROM:<...> address.
15491#  -- pipeline input exists 693 bytes
15491r  BDAT 678 LAST

Shouldn't the smtp client take the permanent error code as a rejection and
bounce the message?


BTW, some retarded mail servers seem not to like a 5xx error code at the
start of the conversation:

14919#  connection from defiant.x-networks.net ipcnt 2 childs 4 ident: NO-IDENT-SERVICE[2]
14919w  553-Blackholed - see <URL:http://maps.vix.com/cgi-bin/lookup?216.207.73.180>
14919w  553-If you feel we mistreat you, do contact us.
14919w  553 Ask HELP for our contact information.
14919#  remote from [216.207.73.180]:2370
14919#  -- policyresult=-1 initial policy msg: Blackholed - see <URL:http://maps.vix.com/cgi-bin/lookup?216.207.73.180>
14919r  550 Syntax error
14919w  550 5.5.2 Unknown command '550 Syntax error'
14919r  550 Syntax error
14919w  550 5.5.2 Unknown command '550 Syntax error'
14919r  550 Syntax error
[etc.]

telnet defiant.x-networks.net 25 says:
220 defiant.x-networks.net SMTP Server SLmail 3.2.3108 Ready ESMTP spoken here
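
An added example, not part of the original post: a small Python parser for the smtpserver log format shown in the first transcript. It groups multi-line replies, pairs each with the pipelined command it answers, and labels it with its RFC 5321 reply class. The sample is excerpted from that transcript; the function and constant names are hypothetical.

```python
import re
from collections import deque

# Excerpt of the first transcript in the post ("<pid><tag>  <text>";
# tag r = read from client, w = written to client, # = server note).
SAMPLE_LOG = """\
15491r  EHLO borg
15491w  250-halifax.chebucto.ns.ca Hello borg
15491w  250 HELP
15491r  MAIL From:<juanpablocorvalan@hmrsys.com.ar> BODY=8BITMIME SIZE=668
15491#  -- policy result=-1, msg: You are not liked source for email
15491w  453-4.7.1 Policy analysis reported:
15491w  453 4.7.1 You are not liked source for email
15491r  RCPT To:<majordomo@chebucto.ns.ca> ORCPT=rfc822;majordomo@chebucto.ns.ca
15491w  553-5.7.1 Access denied by the policy analysis functions.
15491w  553 5.7.1 you gave at the MAIL FROM:<...> address.
15491r  BDAT 678 LAST
"""

LINE = re.compile(r"^(\d+)([rw#])\s+(\S.*)$")
REPLY = re.compile(r"^(\d{3})([- ])")
# First digit of the reply code selects the RFC 5321 reply class.
CLASSES = {"2": "positive completion", "3": "positive intermediate",
           "4": "transient negative completion",
           "5": "permanent negative completion"}

def classify_replies(log):
    """Return [(command verb, reply code, reply class)] per complete reply."""
    pending = deque()  # commands read but not yet answered (PIPELINING)
    results = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) == "#":
            continue  # skip server notes and lines that do not parse
        tag, text = m.group(2), m.group(3)
        if tag == "r":
            pending.append(text.split()[0].upper())
            continue
        r = REPLY.match(text)
        if r and r.group(2) == " ":  # "NNN " ends a reply, "NNN-" continues it
            verb = pending.popleft() if pending else "(greeting)"
            code = r.group(1)
            results.append((verb, code, CLASSES.get(code[0], "unknown")))
    return results

if __name__ == "__main__":
    for verb, code, klass in classify_replies(SAMPLE_LOG):
        print(f"{verb:10} {code}  {klass}")
```

On the excerpt it reports 250 for EHLO, 453 (transient) for MAIL and 553 (permanent) for RCPT; BDAT has no reply in the logged lines.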