computers / comp.mail.sendmail / Weird issue scanning subject lines to reject/discard the email

Weird issue scanning subject lines to reject/discard the email

 by: Jobst Schmalenbach - Sat, 19 Jun 2021 00:50 UTC

I have this part of my LOCAL_RULESETS in my sendmail.mc.
There are NO ERRORS reported when creating sendmail.cf.

F{FullSubjects} -o /etc/mail/subjects_full
F{PartSubjects} -o /etc/mail/subjects_part
HSubject: $>CheckSubject
SCheckSubject
R$={FullSubjects}$*[TAB]$: REJECTSUBJECT
R$* $={PartSubjects} $*[TAB]$: REJECTSUBJECT
R$* REJECTSUBJECT $*[TAB]$#error $: "553 Access Denied."

In subjects_part I have lots of lines, but for the purpose of this question I give a few examples only (the ones that matter):

bamboo.fiber
its.freya
better.ranking
free.report
free.audit
free.analysis
bamboo.socks

Now ssh'ing into another machine and I use
mail -s "BambOo socks" EMAIL@MYDOMAIN.COM < MSGBODYFILE
mail -s "blah Better ranking blah" EMAIL@MYDOMAIN.COM < MSGBODYFILE
mail -s "better ranking" EMAIL@MYDOMAIN.COM < MSGBODYFILE

the ruleset works perfectly and the email is rejected.
MSGBODYFILE is just a text file containing a few lines of random TXT.

If I use
mail -s "free report" EMAIL@MYDOMAIN.COM < MSGBODYFILE
mail -s "free audit" EMAIL@MYDOMAIN.COM < MSGBODYFILE
mail -s "blah free audit blah" EMAIL@MYDOMAIN.COM < MSGBODYFILE

the ruleset does NOT work, the email will be accepted.

I have absolutely no idea why. I tried a few other examples inside the subjects_part file and most of them work, a few do not.

I cannot figure out what the difference is between
better.ranking
and
free.audit
both are TEXT, both are in the same file, both are used using the SAME command, same computer, same OS, same everything.

The only difference is a few chars.

Please help, I cannot spot the difference.
Also how could I debug this?

thanks
Jobst

Re: Weird issue scanning subject lines to reject/discard the email

 by: Claus Aßmann - Sat, 19 Jun 2021 09:00 UTC

Jobst Schmalenbach wrote:

> F{FullSubjects} -o /etc/mail/subjects_full

Do not use -o, you want to get an error if there is a problem loading
the file, right?

> I have absolutely no idea why. I tried a few other examples inside the subjects_part
> file and most of them work, a few do not.

Did you change the file after you started the daemon?

> Also how could I debug this?

As a start you could log the input for the ruleset, something like:

Klog syslog
....
SCheckSubject
R$* $: $(log subject:$1 $) $1
....

Recent sendmail versions have an FFR to dynamically change debugging
levels, that could be the next step.
_FFR_SETDEBUG_MAP /* setdebug map -- set debug levels */
But sendmail -bt testing could be sufficient.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: Weird issue scanning subject lines to reject/discard the email

 by: Jobst Schmalenbach - Mon, 21 Jun 2021 13:24 UTC

On Saturday, 19 June 2021 at 19:05:01 UTC+10, Claus Aßmann wrote:
> Jobst Schmalenbach wrote:
> ...
> SCheckSubject
> R$* $: $(log subject:$1 $) $1
> ...

I have a few milters running so I have access to the subject line through them.
However, this way I can see the exact string as it is parsed.
So thanks, Claus.

>
> Recent sendmail versions have an FFR to dynamically change debugging
> levels, that could be the next step.
> _FFR_SETDEBUG_MAP /* setdebug map -- set debug levels */

I am bound to CentOS rpms ... I know I can compile a version myself but
due to time restrictions I just use what is provided, my version is 8.14

> But sendmail -bt testing could be sufficient.

This is a main server, so I need to do this when load is low.

The original file had >1400 lines in it as I appended new spam (subject) lines
to the end of the file. I have currently chopped it down to ~950 (mostly from the beginning).

It currently seems to work ... it is rejecting happily all of the lines I have appended lately (last 2 months).
I will replace it with the original file and use the "-bt" switch and see what happens.

thanks

Re: Weird issue scanning subject lines to reject/discard the email

 by: Claus Aßmann - Mon, 21 Jun 2021 17:48 UTC

Jobst Schmalenbach wrote:

> > But sendmail -bt testing could be sufficient.

> This is a main server, so I need to do this when load is low.

sendmail -bt doesn't add any load, it's just a command line "debugging"
tool. Check the man page (and the content of "helpfile").
You can even copy the binary, the cf file, your "subject" files, etc
to another machine (same OS etc) for testing.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
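
Added example (not part of the thread and not either poster's code): a small sh wrapper around the "sendmail -bt" test mode recommended above, which feeds the thread's test subjects to the CheckSubject ruleset and prints one verdict per subject. The SENDMAIL and CF paths and the helper names bt_commands and bt_verdicts are assumptions; pass "run" as the first argument to invoke sendmail.

```shell
#!/bin/sh
# Added example: run the thread's test subjects through CheckSubject in
# sendmail's address test mode (-bt). Nothing is sent or queued.
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}   # assumed binary location
CF=${CF:-/etc/mail/sendmail.cf}            # assumed cf file; point at a copy to test edits

# Turn subjects on stdin (one per line) into test-mode commands of the
# form "<ruleset> <input>", ending with /quit.
bt_commands() {
    while IFS= read -r subject; do
        if [ -n "$subject" ]; then
            printf 'CheckSubject %s\n' "$subject"
        fi
    done
    printf '/quit\n'
}

# Reduce test-mode output to "<subject><TAB><verdict>". A ruleset that
# resolves to the error mailer shows "$# error" on its "returns:" line.
bt_verdicts() {
    awk '
        /CheckSubject +input:/ {
            # Strip the "> " prompt and the label, keep the tokenised subject.
            sub(/^[> ]*CheckSubject +input: */, "")
            subj = $0
            next
        }
        /CheckSubject +returns:/ {
            verdict = ($0 ~ /\$# *error/) ? "REJECT" : "accept"
            print subj "\t" verdict
        }
    '
}

# Subjects taken from the thread: two reported as rejected, two as accepted.
if [ "${1:-}" = "run" ]; then
    printf '%s\n' "BambOo socks" "better ranking" "free report" "free audit" |
        bt_commands | "$SENDMAIL" -bt -C "$CF" | bt_verdicts
fi
```

Test mode parses the cf file and loads the F{...} class files when it starts, so a subject that is rejected here but accepted by the running daemon suggests the daemon has not re-read subjects_part since it was last edited.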
