Fixing feature(enhdnsbl) so that a rate-limit response doesn't cause dropped mail

 by: Gushi - Wed, 23 Aug 2023 09:20 UTC

Hey there,

It looks like right now, occasionally, spamhaus will return a code of 127.255.255.255 or 127.255.255.254 if you are querying them too much, or if you're doing so (perhaps inadvertently) via a public resolver, as I had managed to do on one newly installed box.

It would be great if the enhdnsbl code had overrides that could ignore these specific codes, rather than simply blocking on ANY returned A record from the BL zone.

How difficult would this be to implement?

Re: Fixing feature(enhdnsbl) so that a rate-limit response doesn't cause dropped mail

 by: Marco Moock - Wed, 23 Aug 2023 09:45 UTC

On 23.08.2023 at 02:20:09, Gushi wrote:

> Hey there,
>
> It looks like right now, occasionally, spamhaus will return a code of
> 127.255.255.255 or 127.255.255.254 if you are querying them too much,
> or if you're doing so (perhaps inadvertently) via a public resolver,
> as I had managed to do on one newly installed box.
>
> It would be great if the enhdnsbl code had overrides that could
> ignore these specific codes, rather than simply blocking on ANY
> returned A record from the BL zone.
>
> How difficult would this be to implement?

In sendmail 4th edition 7.2.2 (pdf page 288ff)

Maybe that is helpful for you:

| Here, the address is the IP address of the sending host. The
| dialups.mail-abuse.org matches the lookup host specified in the second
| argument to the FEATURE(enhdnsbl). If the t were omitted, as for
| example: FEATURE(enhdnsbl,`dialups.mail-abuse.org', `"550 dial-up site
| refused"', ,`127.0.0.3.')
| temporary lookups will be ignored and the message will be accepted.
| The fourth argument is the expected result of the lookup. For the
| lookup host dialups.mail-abuse.org, a successful lookup (one that means
| the message should be rejected) will return the address 127.0.0.3.
| Different lookup hosts will return different addresses on success, so
| you will need to visit the appropriate web site to determine the
| address to match. If the address is omitted from the FEATURE(enhdnsbl),
| any successfully returned address will cause the message to be
| rejected. If more than one address can be returned, you can list up to
| five more following the first one. In the following, we list three
| possible returned addresses (the line is wrapped to fit the page):
| FEATURE(enhdnsbl,`dialups.mail-abuse.org', `"550 dial-up site
| refused"', ,`127.0.0.1.', `127.0.0.2.', `127.0.0.3.')

Re: Fixing feature(enhdnsbl) so that a rate-limit response doesn't cause dropped mail

 by: Claus Aßmann - Wed, 23 Aug 2023 10:04 UTC

Gushi wrote:

> It would be great if the enhdnsbl code had overrides that could ignore
> these specific codes, rather than simply blocking on ANY returned A
> record from the BL zone.

> How difficult would this be to implement?

Seems someone already did something like that...
and it is documented in cf/README:

enhdnsbl Enhanced version of dnsbl (see above). Further arguments
(up to 5) can be used to specify specific return values
from lookups. Temporary lookup failures are ignored unless
[[ read on for details ... ]]

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: Fixing feature(enhdnsbl) so that a rate-limit response doesn't cause dropped mail

 by: Gushi - Wed, 30 Aug 2023 06:42 UTC

On Wednesday, August 23, 2023 at 3:04:07 AM UTC-7, Claus Aßmann wrote:
> Gushi wrote:
>
> > It would be great if the enhdnsbl code had overrides that could ignore
> > these specific codes, rather than simply blocking on ANY returned A
> > record from the BL zone.
>
> > How difficult would this be to implement?
> Seems someone already did something like that...
> and it is documented in cf/README:
>
> enhdnsbl Enhanced version of dnsbl (see above). Further arguments
> (up to 5) can be used to specify specific return values
> from lookups. Temporary lookup failures are ignored unless
> [[ read on for details ... ]]

This does not seem to work. When I enable this as recommended by this page:

https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/PublicMirrors/MTAs/030-Sendmail.html

By adding:

FEATURE(enhdnsbl,`zen.spamhaus.org', `"554 Connecting client IP address listed in Spamhaus ZEN. See https://www.spamhaus.org/query/ip/"$client_address" for details"', `127.0.0.2', `127.0.0.3', `127.0.0.4', `127.0.0.9', `127.0.0.10', `127.0.0.11')dnl

I find that mails are not blocked, and instead fall through to the reverse DNS checking:

Aug 30 06:16:24 <mail.info> prime sm-mta[51635]: 37U6GK0Y051635: dns emx.mail.ru. => 94.100.180.180
Aug 30 06:16:24 <mail.info> prime sm-mta[51635]: 37U6GK0Y051635: dns 240.52.65.128.zen.spamhaus.org. => 127.0.0.4
Aug 30 06:16:24 <mail.notice> prime sm-mta[51635]: 37U6GK0Y051635: ruleset=check_rcpt, arg1=<adm1@nnnnn.org>, relay=[128.65.52.240], reject=550 5.7.1 <adm1@nnnnn.org>... Fix reverse DNS for 128.65.52.240

In the event something does have reverse DNS, it gets through:

Aug 30 02:37:35 <mail.info> prime sm-mta[27963]: 37U2bJV4027963: dns mail.zadiodim-rostov.ru. => 185.26.123.232
Aug 30 02:37:35 <mail.info> prime sm-mta[27963]: 37U2bJV4027963: dns 170.157.12.181.zen.spamhaus.org. => 127.0.0.3
Aug 30 02:37:36 <mail.info> prime sm-mta[27963]: 37U2bJV4027963: Milter: to=<524swss4ayreqg@nnnnn.com>, reject=451 4.7.1 Greylisting in action, please come back in 00:10:00
Aug 30 02:37:36 <mail.notice> prime sm-mta[27963]: 37U2bJV4027963: lost input channel from host170.181-12-157.telecom.net.ar [181.12.157.170] to MTA after rcpt
Aug 30 02:37:36 <mail.info> prime sm-mta[27963]: 37U2bJV4027963: from=<3q1w789o8zhvcneu@nnnnn.ru>, size=0, class=0, nrcpts=100, proto=ESMTP, daemon=MTA, relay=host170.181-12-157.telecom.net.ar [181.12.157.170]

Yes, that's six arguments, and I note cf/README says "up to five" arguments, so I shortened it to just one return code: 127.0.0.11

Still no luck:

Aug 30 06:20:16 <mail.info> prime sm-mta[52272]: 37U6KBvV052272: dns aspmx.l.google.com. => 142.250.27.27
Aug 30 06:20:16 <mail.info> prime sm-mta[52272]: 37U6KBvV052272: dns alt1.aspmx.l.google.com. => 142.251.9.26
Aug 30 06:20:16 <mail.info> prime sm-mta[52272]: 37U6KBvV052272: dns alt2.aspmx.l.google.com. => 142.250.150.26
Aug 30 06:20:16 <mail.info> prime sm-mta[52272]: 37U6KBvV052272: dns aspmx2.googlemail.com. => 142.251.9.27
Aug 30 06:20:16 <mail.info> prime sm-mta[52272]: 37U6KBvV052272: dns aspmx3.googlemail.com. => 142.250.150.27
Aug 30 06:20:16 <mail.info> prime sm-mta[52272]: 37U6KBvV052272: dns 114.24.0.196.zen.spamhaus.org. => 127.0.0.11
Aug 30 06:20:16 <mail.notice> prime sm-mta[52272]: 37U6KBvV052272: ruleset=check_rcpt, arg1=<josefa@nnnnn.com>, relay=[196.0.24.114], reject=550 5.7.1 <josefa@nnnnn.com>... Fix reverse DNS for 196.0.24.114

When I remove the ip argument so it's only:

FEATURE(enhdnsbl,`zen.spamhaus.org', `blocked by zen', `t')dnl

I once again start getting blocks.

Am I formatting the return codes wrong?

As a note, here's what winds up in my sendmail.cf both with and without an IP address, respectively. I'm also noticing that it's stuffing the require_rdns code right after the RBL, versus giving it its own section.

Not working:
# DNS based IP address spam list zen.spamhaus.org
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1.zen.spamhaus.org. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+<TMP> $#error $@ 4.4.3 $: "451 Temporary lookup failure of " $&{client_addr} " at zen.spamhaus.org"
R<?>127.0.0.11 $#error $@ 5.7.1 $: blocked by zen
R$* $: $&{client_addr} $| $&{client_resolve}
R$=R $* $@ RELAY We relay for these
R$* $| OK $@ OK Resolves.
R$* $| FAIL $#error $@ 5.7.1 $: 550 Fix reverse DNS for $1
R$* $| TEMP $#error $@ 4.1.8 $: 451 Client IP address $1 does not resolve
R$* $| FORGED $#error $@ 4.1.8 $: 451 Possibly forged hostname for $1

Working:
# DNS based IP address spam list zen.spamhaus.org
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1.zen.spamhaus.org. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+<TMP> $#error $@ 4.4.3 $: "451 Temporary lookup failure of " $&{client_addr} " at zen.spamhaus.org"
R<?>$+ $#error $@ 5.7.1 $: blocked by zen
R$* $: $&{client_addr} $| $&{client_resolve}
R$=R $* $@ RELAY We relay for these
R$* $| OK $@ OK Resolves.
R$* $| FAIL $#error $@ 5.7.1 $: 550 Fix reverse DNS for $1
R$* $| TEMP $#error $@ 4.1.8 $: 451 Client IP address $1 does not resolve
R$* $| FORGED $#error $@ 4.1.8 $: 451 Possibly forged hostname for $1

-Dan

Re: Fixing feature(enhdnsbl) so that a rate-limit response doesn't cause dropped mail

 by: Claus Aßmann - Wed, 30 Aug 2023 07:23 UTC

Gushi wrote:

> FEATURE(enhdnsbl,`zen.spamhaus.org', `"554 Connecting client IP address
...
> `127.0.0.2', `127.0.0.3', `127.0.0.4', `127.0.0.9', `127.0.0.10',

Add a trailing dot to each IP:
`127.0.0.2.'

(and if that works, tell the people who wrote the webpage...)

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
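
The failure mode this thread arrives at, as an added example that is not part of any post above: a Python check over generated sendmail.cf rules that reports return-value rules which can never match and catch-all rules that also fire on the DNSBL's error codes. It assumes, as the book excerpt and the final reply indicate, that the ednsbl lookup result carries a trailing dot; SAMPLE_CF is constructed, the function names are hypothetical, and rule matching is simplified to exact comparison.

```python
import re

# Constructed input, shaped like the generated sendmail.cf rules posted in the thread.
# Assumption: the ednsbl map hands back the A record with a trailing dot ("127.0.0.4.").
SAMPLE_CF = """\
R$-.$-.$-.$-\t$: <?> $(ednsbl $4.$3.$2.$1.zen.spamhaus.org. $: OK $)
R<?>OK\t$: OKSOFAR
R<?>$+<TMP>\t$#error $@ 4.4.3 $: "451 Temporary lookup failure"
R<?>127.0.0.11\t$#error $@ 5.7.1 $: blocked by zen
R<?>127.0.0.4.\t$#error $@ 5.7.1 $: blocked by zen
"""

RULE = re.compile(r"^R<\?>(\S+)\s+\$#error\b")
ERROR_CODES = ("127.255.255.254", "127.255.255.255")  # rate-limit / public-resolver answers


def reject_patterns(cf_text):
    """Return the LHS patterns (after '<?>') of rules that reject on a lookup result."""
    pats = []
    for line in cf_text.splitlines():
        m = RULE.match(line)
        if m and not m.group(1).endswith("<TMP>"):
            pats.append(m.group(1))
    return pats


def would_reject(patterns, answer):
    """Emulate the match: '$+' takes any result, a literal must equal answer + '.'."""
    returned = answer + "."
    return any(p == "$+" or p == returned for p in patterns)


def lint(cf_text):
    """Describe each reject rule that cannot match, or that also fires on error codes."""
    findings = []
    for p in reject_patterns(cf_text):
        if p == "$+":
            hit = [c for c in ERROR_CODES if would_reject([p], c)]
            findings.append(f"catch-all rule also rejects on {', '.join(hit)}")
        elif not p.endswith("."):
            findings.append(f"{p} has no trailing dot and never matches; use {p}.")
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_CF):
        print(f)
    for a in ("127.0.0.11", "127.0.0.4", "127.255.255.254"):
        print(a, "reject" if would_reject(reject_patterns(SAMPLE_CF), a) else "falls through")
```

Run against the rules m4 actually generated, the same check separates the two excerpts posted above: the `R<?>127.0.0.11` form is reported as unmatchable, and the `R<?>$+` form is reported as rejecting on the rate-limit answers.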
