access_db not recognized

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.mail.sendmail
Subject: access_db not recognized
Date: Sun, 3 Sep 2023 13:43:11 +0200
Organization: A noiseless patient Spider
Lines: 67
Message-ID: <ud1rgf$snk4$6@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 3 Sep 2023 11:43:11 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="e8ceab6d88e2a2b6849ad48e783a2a43";
logging-data="941700"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19xxL4Vfp6+ZSUM8gpbwZSL"
Cancel-Lock: sha1:1F2KdFsOG67hJ4gdp2/151VR6f0=
 by: Marco Moock - Sun, 3 Sep 2023 11:43 UTC

Hello everyone!

I would like to use accessdb to block certain recipient domains and
only allow some addresses to be locally delivered (to avoid backscatter
attacks).
First, I only test to block one address.

For me, that looks fine and means the access db hash database includes
the option.

m@srv1:/etc/mail$ sudo sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map access To:bla@test.dorfdsl.de
map_lookup: access (To:bla@test.dorfdsl.de) returns REJECT (0)

Although, the MTA doesn't care about it.

m@srv1:/etc/mail$ sudo /usr/lib/sendmail -bv bla@test.dorfdsl.de
bla@test.dorfdsl.de... deliverable: mailer esmtp, host test.dorfdsl.de, user bla@test.dorfdsl.de
m@srv1:/etc/mail$

define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.17.1.9-2 2023-01-11 23:26:28 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MTA, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MSP, Port=submission, M=Ea')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MSP, Port=submissions, M=sEa')dnl
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db',, `relaytofulladdress')dnl
FEATURE(`blocklist_recipients')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
include(`/etc/mail/sasl/sasl.m4')dnl
TRUST_AUTH_MECH(`PLAIN')dnl
define(`confAUTH_MECHANISMS', `PLAIN')dnl
include(`/etc/mail/tls/starttls.m4')dnl
dnl Conf lines for certificate, removed here for simplicity
FEATURE(`virtusertable')dnl
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuserdomains')
define(`confLOCAL_MAILER', `cyrusv2')dnl
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`cyrusv2')dnl
MAILER(`smtp')dnl

access db is listed in .cf:

m@srv1:/etc/mail$ grep ^K /etc/mail/sendmail.cf
Kresolve host -a<OKR> -T<TEMP>
Karith arith
Kmacro macro
Kdequote dequote
Kaccess hash -T<TMPF> /etc/mail/access
Kvirtuser hash /etc/mail/virtusertable
m@srv1:/etc/mail$

What is the problem?

--
kind regards
Marco

Re: access_db not recognized

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: kal...@kolttonen.fi (Kalevi Kolttonen)
Newsgroups: comp.mail.sendmail
Subject: Re: access_db not recognized
Date: Sun, 3 Sep 2023 12:51:24 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 35
Sender: <untosten@0.0.0.0>
Message-ID: <ud1vgc$tr0o$1@dont-email.me>
References: <ud1rgf$snk4$6@dont-email.me>
Injection-Date: Sun, 3 Sep 2023 12:51:24 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="32a62e22f99ed0ee2a8b00b7fcb2d90c";
logging-data="977944"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/aK9+D/3Qz/GOFmVf+FcRK7zp+k1m+yEY="
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (Linux/6.4.12-200.fc38.x86_64 (x86_64))
Cancel-Lock: sha1:MQxhBZI1RuJagbIdNfnTea6JdAY=
 by: Kalevi Kolttonen - Sun, 3 Sep 2023 12:51 UTC

Marco Moock <mo01@posteo.de> wrote:
> For me, that looks fine and means the access db hash database includes
> the option.
>
> m@srv1:/etc/mail$ sudo sendmail -bt
> ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> Enter <ruleset> <address>
>> /map access To:bla@test.dorfdsl.de
> map_lookup: access (To:bla@test.dorfdsl.de) returns REJECT (0)
>
> Although, the MTA doesn't care about it.
>
> m@srv1:/etc/mail$ sudo /usr/lib/sendmail -bv bla@test.dorfdsl.de
> bla@test.dorfdsl.de... deliverable: mailer esmtp, host test.dorfdsl.de,
> user bla@test.dorfdsl.de m@srv1:/etc/mail$
> [...]
> What is the problem?

It's been a while since I worked with Sendmail, but I seem
to remember that this is a (mis)feature of the "-bv" option.

Just test with:

telnet localhost 587

or

telnet localhost 25

and manually create an SMTP session. I am pretty sure
that your bla@test.dorfdsl.de will be rejected during
the session, just like it should.

br,
KK

Re: access_db not recognized

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.mail.sendmail
Subject: Re: access_db not recognized
Date: Sun, 3 Sep 2023 17:22:54 +0200
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <ud28ce$vg73$1@dont-email.me>
References: <ud1rgf$snk4$6@dont-email.me>
<ud1vgc$tr0o$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 3 Sep 2023 15:22:54 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="e8ceab6d88e2a2b6849ad48e783a2a43";
logging-data="1032419"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+SX1n+qJ0TwLO9UTh0A18A"
Cancel-Lock: sha1:uM/DGVrnQIsbcVcv48YlTt192Yc=
 by: Marco Moock - Sun, 3 Sep 2023 15:22 UTC

On 03.09.2023 at 12:51:24, Kalevi Kolttonen wrote:

> It's been a while since I worked with Sendmail, but I seem
> to remember that this is a (mis)feature of the "-bv" option.

Thanks.

That IS exactly the issue.
Now it would be interesting why that is the case (maybe intentionally).

Re: access_db not recognized

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: access_db not recognized
Date: Mon, 4 Sep 2023 02:15:48 -0400 (EDT)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <ud3smk$9fp$1@news.misty.com>
References: <ud1rgf$snk4$6@dont-email.me> <ud1vgc$tr0o$1@dont-email.me> <ud28ce$vg73$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 4 Sep 2023 06:15:48 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="9721"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Mon, 4 Sep 2023 06:15 UTC

Marco Moock wrote:

> Now it would be interesting why that is the case (maybe intentionally).

See the fine documentation:

5.1.4.3. check_rcpt

The check_rcpt ruleset is passed the user
name parameter of the SMTP RCPT command. ...

That's where your "To:address" access_db entry is used.
sendmail -bv doesn't use SMTP.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
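
Added example, not part of any post in this thread: the manual SMTP session suggested above, scripted in Python so that the RCPT command (and with it check_rcpt and the To: access_db entry) is exercised without sending mail. The function names, the sender address and the localhost:25 target (an MTA you administer) are assumptions.

```python
import smtplib


def verdict(code):
    """Map an SMTP reply code to accept / tempfail / reject."""
    if 200 <= code < 300:
        return "accept"
    return "tempfail" if 400 <= code < 500 else "reject"


def probe_rcpt(recipients, sender="postmaster@localhost", host="localhost",
               port=25, smtp_factory=smtplib.SMTP):
    """Return {rcpt: (code, text)} for RCPT TO on each recipient.

    DATA is never sent, so nothing is queued; RSET clears the envelope
    between recipients. sender/host/port defaults are assumptions.
    """
    results = {}
    with smtp_factory(host, port, timeout=10) as smtp:
        smtp.ehlo()
        for rcpt in recipients:
            code, text = smtp.mail(sender)
            if code != 250:
                raise RuntimeError(f"MAIL FROM refused: {code} {text!r}")
            code, text = smtp.rcpt(rcpt)  # RCPT is what invokes check_rcpt
            results[rcpt] = (code, text.decode("ascii", "replace"))
            smtp.rset()
    return results


def policy_mismatches(expected, results):
    """Return {rcpt: (wanted, actual)} where the SMTP verdict differs."""
    return {r: (want, verdict(results[r][0]))
            for r, want in expected.items()
            if verdict(results[r][0]) != want}


if __name__ == "__main__":
    # Constructed expectation, taken from the access entry tested in the thread.
    expected = {"bla@test.dorfdsl.de": "reject"}
    got = probe_rcpt(list(expected))
    for rcpt, (code, text) in got.items():
        print(f"{rcpt}: {code} {text}")
    print("mismatches:", policy_mismatches(expected, got) or "none")
```
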
