
Re: ZMailer relaying problem



Hi.

Unfortunately, the default canon.cf script contains all required actions 
for proper RFC822 "source-routing", "percent hack", etc. To conform to 
current anti-relay requirements, it should just be simplified and 
cleaned up. Matti, may we ask you to do it in the default configuration? 
We have not been on the ARPAnet for a long time...

See the safe (?) canon.cf from the atrium.cor.neva.ru machine in the 
attachment. Feel free to test for holes :-). I also have UUCP connections 
on this host; so, "bang"-related stuff is not completely killed and works 
quite well.

Alexey

On 16 Oct 2001 at 15:26, Grace He wrote:

Date sent:      	Tue, 16 Oct 2001 15:26:35 -0400
From:           	Grace He <ghe@scs.ryerson.ca>
To:             	zmailer@nic.funet.fi
Subject:        	ZMailer relaying problem

> Hello,
> 
> I was surprised to find out our mail servers are listed as open relay
> by ordb.org and orbz.org.
> 
> Upon closely examining the smtpserver log, I came across the following:
> 
> == Begin ===
> 
> 17595LASKr	MAIL FROM:<spamtest@jupiter.scs.ryerson.ca>
> 17595LASKw	250 2.1.0 Sender syntax Ok
> 17595LASKr	RCPT TO:<"marvin@ordb.org"@[141.117.57.31]>
> 17595LASKw	250 2.1.5 Recipient address syntax Ok
> 17595LASKr	DATA
> 17595LASKw	354 Start mail input; end with <CRLF>.<CRLF>
> 17595LASKw	250 2.6.0 S27257AbRJPSPg message accepted
> 17595LASK#	S27257AbRJPSPg: 1113 bytes
> 17595LASKr	QUIT
> 17595LASKw	221 2.0.0 jupiter.scs.ryerson.ca Out
> 
> == End ===
> 
> How can I stop 
> RCPT TO:<"marvin@ordb.org"@[141.117.57.31]>
> from passing through our mail server?
> 
> One mail server is running zmailer 2.99.52 on Enterprise 450 with
> Solaris 7, and the other zmailer 2.99.55 on sparc 1000 with Solaris 7.
> 
> Thanks,
> 
> Grace He			
> Ryerson University - School of Computer Science	
> Voice : (416) 979-5000, ext. 6697
> Fax   : (416) 979-5064
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
> 



# Name Canonicalization
#
# This function is used to transform any RFC822/976 address into a
# well-defined form, namely
#
#	something '@' '<' next-host '>' something
#
# which lets the caller know what the immediately relevant next-host in
# the address is.  The address is first parsed and the appropriate
# next-host focused on, and then that hostname is canonicalized.
#
# The return value is the focused (i.e. including <>) and canonicalized
# (i.e. the focused-on hostname is in canonical form) address.

provide canonicalize


focus (address) {
	local domain tmp seenuucp

	domain=''
	seenuucp=false
	tsift "$address" in
	(.*)<@>(.*)
			canonicalize "\1\2"
			return
			;; # degenerate case
#	(.+)<@(.+)%(.+)>(.*)
#			address="\1%\2<@\3>\4"
#			continue
#			 ;;	# ripple % to @
#	(.+)%(.+)<@($orgdomains)>(.*)
#			address="\1<@\2>\4"
#			continue
#			;;
	(.*)<@\[(.)\]>(.*)
			break
			;;
	(.*)<@(.+)\.uucp>(.*)
			address="\1<@\2>\3"
			seenuucp=true
			continue
			;;
	(.*)<@(.)>([,:])?(.*)
			if [ "\2" = "$uucpname" ]; then
				canonicalize "\1\4" ; return
			elif [ $seenuucp = false ]; then
				domain=$(deliver "\2") ||
				domain=$(canon "\2")
			fi
			;;
	(.*)<@(.+)>(.*)	tmp="\2"
			if [ -z "$domain" ]; then
				ssift "$tmp" in
				.+\.(.+).?
					if [ $(istoplevel "\1") ] ; then
						domain="$tmp"
						break;
					fi
					;;
				.*	if [ $seenuucp = false ]; then
						domain=$(deliver "$tmp") ||
						domain=$(canon "$tmp")
					fi
					;;
				tfiss
			fi
			[ "$domain" ] && address="\1<@$domain>\3"
			;;
	(.*)<@(.)>(.*)	if [ $seenuucp = true ]; then
				address="\1<@\2.uucp>\3"
			fi ;;
	tfist
	echo "$address"
}	# end of focus

#
# Safeguard if canon() is not there
#
case "$(type canon)" in
*"not found")
	canon () { echo "$@" } ;;
esac
#
# Safeguard if deliver() is not there
#
case "$(type deliver)" in
*"not found")
	deliver () { return 1 } ;;
esac


#
# Returns canonical name of the given host
#
canonical (host) {
	local tmp
#
#  Now a big question:
#
#	Do you want to put your system to hold for the DNS lookups at
#	the router, or will you let the SMTP transport agents to handle
#	such things in much more parallel fashion as they can under the
#	scheduler.  If you want to do the holding, use $(canon ..) version.
#
#	If you don't do $(canon ..), this MTA will not rewrite remote
#	hostname CNAME mappings.  (Which IMO isn't all that bad [mea])
#

	tmp="$(deliver "$host")" && return "$tmp"

	# Not locally known, is it multi-component domain with
	# known toplevel ?   If not, lets do $(canon ..) anyway!
	tsift "$host" in
	.+\.(.)
		[ $(istoplevel "\1") ] && return "$host"
		;;
	tfist
	tmp="$(canon "$host")" && return "$tmp"

	return "$host"
}

canonicalize (address) {
	address="$(dequote "$address")"
#
# We need string ssift to detect '|' because '|' is not RFC822 special
#
	ssift "$address" in
	(/.+)@(.+)
		break	# /S=R.SCHNEIDER/OU1=S28A@MHS-FSWA.ATTMAIL.COM
		;;
	((\|.+)|(/.+)|(:include:.+))		# unquoted pipes and files
		echo "$address"			# pass through
		return
		;;
	tfiss

	tsift "$address" in
	((<>)|(:;))
		address="@"			# special case
		break
		;;
	(.*)<@(.*)>(.*)				# defocus
		address="\1@\2\3"
		continue
		;;
#
# RFC822 source routing
#
# @host3,@host2,@host1:user@host
#
#	(@.+),(.+)				# RFC822 source routing
#		address="\1:\2"			# change all "," to ":"
#		continue
#		;;
#	(@.+):(.+:.+)
#		address="\1,\2"			# undo all but the last one
#		continue
#		;;
#	@([^,:]+)([,:].+)			# route-addr
#		address="<@$(canonical "\1")>\2\3"
#		break
#		;;
#
# RFC822 addr-spec (localpart@domain) and variations
#
#	(.*)::(.*)
#		address="\2@\1"			# turn into localpart@domain
#		continue
#		;;
	(.*)@([^@]*.uucp)			# addr-spec host.uucp
		address="\1<@\2>"		# comment out if you want
		break				# canonical uucp names
		;;
	(.*)!(.*)@([^@]*)			# ORBC catch #22
		address="\2<@$(canonical "\3")>"
		break
		;;
	(.*)@([^@]*)				# addr-spec, rightmost '@'
		address="\1<@$(canonical "\2")>"
		break
		;;
#
# By this time localpart only
#
# RFC976 processing: '!' and '%' kludges
#
# a!b!c -> b!c@a
## No! a!b!c -> c@b - for Ache UUPC ? --aal
# a!b%c -> b%c@a
# a%b!c -> a!c@b	leading "%" has more priority than "!"
# a%b%c -> a%b@c
#
# We do not want people to start relying on this really weird routing.
# Comment it out if you do.
#
##	([^!%]*)%([^!%]*)\.([^!%]*)!(.*)	# very unusual case
##		canonicalize "\1!\4@\2.\3"
##		return
##		;;
##	([^!%]*)%([^.!%]*)!(.*)			# very unusual case (uucp node)
##		canonicalize "\1!\3@\2"
##		return
##		;;
#
	(.*)!(.*)<@(.*)>
		canonicalize "\2@\3"
		return
		;;
	(.*)!(.*)!(.*)
		canonicalize "\3@\2"
		return
		;;
	\[(.*)\]!(.*)				# leftmost '!', domain-literal
		canonicalize "\2@\[\1\]"
		return
		;;
	([^!.]*)!(.*)				# leftmost '!', pure uucp
		canonicalize "\2@\1"
		return
		;;
	([^!]*)!(.*)				# leftmost '!', domain uucp
##		canonicalize "\2@\1.uucp"
		canonicalize "\2@\1"
		return
		;;
## ORBC test
##	(.*)%([^%]*)				# rightmost '%', source routing
#		canonicalize "\1@\2"
#		return
#		;;
	tfist

	echo "$address"
}
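
Added example, not part of the original message or of ZMailer: a log check for the situation in the quoted excerpt, flagging RCPT TO addresses that carry a second route in the local part (quoted '@', percent hack, bang path, RFC822 source route) and that the server answered with 250. The log layout is assumed from the excerpt; the function names and the sample lines are constructed for illustration.

```python
import re

# Layout assumed from the quoted excerpt: <session id><r|w|#><TAB><text>,
# where 'r' is a line read from the client and 'w' a line written by the server.
LINE = re.compile(r'^(?P<sid>\S+?)(?P<dir>[rw#])\t(?P<text>.*)$')
RCPT = re.compile(r'^RCPT TO:\s*<(?P<addr>.*)>', re.I)

def routing_kind(addr):
    """Name the embedded-routing form in an RCPT address, or None if plain."""
    if addr.startswith('@'):
        return 'source-route'            # @host1,@host2:user@host
    local = addr.rpartition('@')[0] or addr   # no '@': whole thing is local part
    if local.startswith('"') and local.endswith('"') and '@' in local[1:-1]:
        return 'quoted-at'               # "user@other"@this-host
    if '%' in local:
        return 'percent-hack'            # user%other@this-host
    if '!' in local:
        return 'bang-path'               # other!user@this-host
    return None

def accepted_routed_rcpts(lines):
    """Return (session, address, kind) for routed recipients answered with 250."""
    pending, hits = {}, []
    for raw in lines:
        m = LINE.match(raw.rstrip('\r\n'))
        if not m:
            continue
        sid, direction, text = m.group('sid', 'dir', 'text')
        if direction == 'r':
            rcpt = RCPT.match(text)
            pending[sid] = rcpt.group('addr') if rcpt else None
        elif direction == 'w' and pending.get(sid):
            addr = pending.pop(sid)      # first server reply after the RCPT
            kind = routing_kind(addr)
            if kind and text.startswith('250'):
                hits.append((sid, addr, kind))
    return hits

# Constructed sample lines in the excerpt's layout (not real traffic).
SAMPLE = [
    'A1r\tRCPT TO:<"relaytest@example.net"@[192.0.2.25]>',
    'A1w\t250 2.1.5 Recipient address syntax Ok',
    'B2r\tRCPT TO:<relaytest%example.net@mx.example.org>',
    'B2w\t550 5.7.1 Relaying denied',
    'C3r\tRCPT TO:<alice@example.org>',
    'C3w\t250 2.1.5 Recipient address syntax Ok',
]
for hit in accepted_routed_rcpts(SAMPLE):
    print(hit)
```

A hit means the server accepted the recipient at RCPT time, not that the message was delivered onward; treat hits as candidates to confirm against the router's handling of that address.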