greetings
this question is primarily for Afonin: could you try to reproduce the
situation on 8.13? for me on 8.12.11, with or without rset,
check_helo does not reject the second message
p. s. start a new thread about the Message-ID check you wrote about in ICQ
-------- Original Message --------
Subject: Re: check_helo.m4
Date: Wed, 07 Dec 2005 12:36:51 +0700
From: Eugene Grosbein <eugen на kuzbass.ru>
Organization: SVZServ
To: Victor Ustugov <victor на corvax.kiev.ua>
References: <43955879.10FDE951 на kuzbass.ru> <4395A91C.6000003 на corvax.kiev.ua>
Victor Ustugov wrote:
> > I decided to try your HACKs for sendmail that check HELO/EHLO.
> > The configuration is as follows (sendmail 8.13.1):
> >
> > define(`confCHECK_HELO', `ACCESS_DB SYNTAX IP')dnl
> > define(`confCHECK_HELO_SKIP', `OUTGOING')dnl
> > define(`confCHECK_OUTGOING_IN', `RELAY_DOMAINS')dnl
> > HACK(`cfhead')dnl
> > HACK(`check_helo')dnl
> >
> > That is, for the networks listed in relay-domains the HELO check
> > should be skipped. It is skipped, but only for the first
> > message in the SMTP session: the client connects and issues EHLO alkor.
> > Then MAIL FROM:, RCPT TO:, DATA, the message text, sendmail replies 250
> > and processes the message. In the same session the client says
> > MAIL FROM: again, and this time sendmail replies:
> >
> > 554 5.7.1 Misconfigured SMTP client (may be MUA) detected.
> >
> > Can this be fixed somehow?
>
> the problem was not confirmed for me on 8.12.11 (I have nothing newer).
> in the example, 10.0.7.5 is just an alias on one of the interfaces of my
> desktop. it does not appear anywhere, neither in access_db nor in relay-domains...
>
> $ telnet 10.0.7.5 25
> Trying 10.0.7.5...
> Connected to corvax.test (10.0.7.5).
> Escape character is '^]'.
> 220 corvax.falbi.kiev.ua ESMTP Sendmail 8.12.11/8.12.11; Tue, 6 Dec 2005
> 16:57:01 +0200
> helo 1
> 250 corvax.falbi.kiev.ua Hello corvax.test [10.0.7.5], pleased to meet you
> mail from:<corvax на falbi.ua>
> 250 2.1.0 <corvax на falbi.ua>... Sender ok
> rcpt to:<corvax на falbi.ua>
> 554 5.7.1 Misconfigured SMTP client (may be MUA) detected
> quit
> 221 2.0.0 corvax.falbi.kiev.ua closing connection
> Connection closed by foreign host.
>
> now I add 10.0.7.5 to relay-domains and try again:
>
> $ telnet 10.0.7.5 25
> Trying 10.0.7.5...
> Connected to corvax.test (10.0.7.5).
> Escape character is '^]'.
> 220 corvax.falbi.kiev.ua ESMTP Sendmail 8.12.11/8.12.11; Tue, 6 Dec 2005
> 16:57:57 +0200
> EHLO 1
> 250-corvax.falbi.kiev.ua Hello corvax.test [10.0.7.5], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> MAIL FROM:<corvax на falbi.ua>
> 250 2.1.0 <corvax на falbi.ua>... Sender ok
> RCPT TO:<corvax на falbi.ua>
> 250 2.1.5 <corvax на falbi.ua>... Recipient ok
> DATA
> 354 Enter mail, end with "." on a line by itself
> From: <corvax на falbi.ua>
> To: <corvax на falbi.ua>
>
> .
> 250 2.0.0 jB6EvvJO009895 Message accepted for delivery
> RSET
> 250 2.0.0 Reset state
Microsoft Outlook (not Express) does not issue RSET at this point.
However, with RSET it is the same, I checked (see below).
> MAIL FROM:<eugen на kuzbass.ru>
> 250 2.1.0 <eugen на kuzbass.ru>... Sender ok
> RCPT TO:<victor на corvax.kiev.ua>
> 250 2.1.5 <victor на corvax.kiev.ua>... Recipient ok
> DATA
> 354 Enter mail, end with "." on a line by itself
> From: <eugen на kuzbass.ru>
> To: <victor на corvax.kiev.ua>
>
> .
> 250 2.0.0 jB6EvvJQ009895 Message accepted for delivery
> QUIT
> 221 2.0.0 corvax.falbi.kiev.ua closing connection
> Connection closed by foreign host.
>
> is it possible for you to check on 8.12 in your own environment?
> if not, I will ask Afonin to check on 8.13 how the hack behaves when
> several messages are received in one session
Checked on 8.12.9, same thing: the first message goes through,
the second gets error 544 5.7.1.
Here is the full .mc. Significant differences from the standard one for FreeBSD 4.8-STABLE:
- three dnsbl and one rhsbl added
- clamav-milter added
- milter-ahead added
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by the University of
# California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This is a generic configuration file for FreeBSD 4.X and later systems.
# If you want to customize it, copy it to a name appropriate for your
# environment and do the modifications there.
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
FEATURE(dnsbl, `spamtrap.drbl.kuzbass.ru', `"550 Mail from " $&{client_addr} " rejected by Kuzbass.Ru Spamtrap RBL"')
FEATURE(dnsbl, `work.drbl.kuzbass.ru', `"550 Mail from " $&{client_addr} " rejected by Kuzbass.Ru RBL"')
FEATURE(dnsbl, `drblhn.kuzbass.ru', `"550 Mail from " $&{client_name} " rejected by Kuzbass.Ru RBL"',`',`h')
FEATURE(rhsbl, `rhsbl.kuzbass.ru', `"550 Mail from domain " $`'&{RHS} " rejected by Kuzbass.Ru RBL"')
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')
define(`confMILTER_LOG_LEVEL', `6')
INPUT_MAIL_FILTER(`clmilter', `S=unix:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
define(`ALIAS_FILE', `/etc/mail/aliases,/etc/mail/aliases.majordomo')
define(`confDOUBLE_BOUNCE_ADDRESS',`dev-null')
define(`confMAX_RCPTS_PER_MESSAGE',`10')
dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy,needmailhelo')
define(`confCHECK_HELO', `ACCESS_DB SYNTAX IP')dnl
define(`confCHECK_HELO_SKIP', `OUTGOING')dnl
define(`confCHECK_OUTGOING_IN', `RELAY_DOMAINS')dnl
HACK(`cfhead')dnl
HACK(`check_helo')dnl
dnl -------------------------------------------------------------------
dnl milter-ahead.mc
dnl -------------------------------------------------------------------
dnl Example configuration to be added to sendmail.mc.
dnl
define(`_FFR_MILTER', `1')dnl
dnl -------------------------------------------------------------------
dnl Enable this for debug output from Sendmail.
dnl define(`confLOG_LEVEL', `12')dnl
dnl -------------------------------------------------------------------
dnl Enable this to see even more debug output.
dnl Defaults to confLOG_LEVEL.
dnl
dnl If Milter.LogLevel is greater-than:
dnl
dnl 0 Communication errors
dnl 8 Header & RCPT modification messages
dnl 9 Connect to info
dnl 10 Milter error return codes, abort messages
dnl 12 More return code info, connection/open errors
dnl 14 grey & rcpts info
dnl 17 Show headers & body sent to a milter.
dnl 18 Quit
dnl 21 Time a milter
dnl define(`confMILTER_LOG_LEVEL', 14)dnl
dnl -------------------------------------------------------------------
dnl Note that the F= says what to do with the message if the milter
dnl is not running.
dnl
dnl F=T Temporary fail connection if filter unavailable
dnl F=R Reject connection if filter unavailable
dnl
dnl If no F= specified and there is a problem with the milter, then
dnl the default is to continue normal handling, skipping the milter.
dnl
dnl Note that the T= specifies timeouts for communication. The
dnl following fields are defined:
dnl
dnl C Timeout for connecting to a filter. If set to zero (0),
dnl the system's connect() timeout will be used. Default: 5m
dnl S Timeout for sending information from the MTA to a
dnl filter. Default: 10s
dnl R Timeout for reading reply from the filter. Default: 10s
dnl E Overall timeout between sending end-of-message to filter
dnl and waiting for the final acknowledgment. Default: 5m
dnl
dnl So the default values are equivalent to:
dnl
dnl T=C:5m;S:10s;R:10s;E:5m
dnl
INPUT_MAIL_FILTER(
`milter-ahead',
`S=unix:/var/spool/milter-ahead/socket, T=C:1m;S:30s;R:6m;E:1m'
)dnl
dnl -------------------------------------------------------------------
dnl End milter-ahead.mc
dnl -------------------------------------------------------------------
MAILER(local)
MAILER(smtp)
--
Best wishes Victor Ustugov mailto:victor на corvax.kiev.ua
public GnuPG/PGP key: http://victor.corvax.kiev.ua/corvax.asc
ICQ: 77186900, 32418694 CRV2-RIPE, CRV-UANIC
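
The manual telnet test from this thread (several messages in one SMTP session, with and without RSET) can be scripted with Python's smtplib so it is easy to repeat against 8.12 and 8.13 test servers. This is an added example, not part of the original messages or of the check_helo hack; the function names, the probe subject line and the example.org addresses are assumptions.

```python
import smtplib

def probe_session(host, port, helo_name, sender, rcpt, messages=2, use_rset=False):
    """Submit `messages` mails in ONE SMTP session and report each outcome.

    Returns a list of (stage, code, text): stage is the last command issued
    for that message, so ("DATA", 250, ...) means it was accepted. Probing
    stops at the first rejected command.
    """
    results = []
    # local_hostname is the name sent in EHLO, i.e. what check_helo evaluates
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=30) as smtp:
        smtp.ehlo()
        for n in range(messages):
            if n and use_rset:
                smtp.rset()  # explicit reset between transactions
            body = (f"From: <{sender}>\r\nTo: <{rcpt}>\r\n"
                    f"Subject: check_helo probe {n + 1}\r\n\r\nprobe\r\n")
            outcome = None
            for stage, step in (("MAIL", lambda: smtp.mail(sender)),
                                ("RCPT", lambda: smtp.rcpt(rcpt)),
                                ("DATA", lambda: smtp.data(body))):
                try:
                    code, text = step()
                except smtplib.SMTPResponseException as exc:
                    code, text = exc.smtp_code, exc.smtp_error  # e.g. DATA refused
                if isinstance(text, bytes):
                    text = text.decode("ascii", "replace")
                outcome = (stage, code, text)
                if code >= 400:
                    break
            results.append(outcome)
            if outcome[1] >= 400:
                break
    return results

def later_message_rejected(results):
    """True when the first message was accepted and a later one got a 5xx."""
    first_ok = bool(results) and results[0][:2] == ("DATA", 250)
    return first_ok and any(code >= 500 for _, code, _ in results[1:])

if __name__ == "__main__":
    # Constructed example values: point this at a test MTA you administer.
    for rset in (False, True):
        res = probe_session("127.0.0.1", 25, "1", "sender@example.org",
                            "rcpt@example.org", use_rset=rset)
        print("RSET" if rset else "no RSET", res, later_message_rejected(res))
```

The stage in the last tuple shows where the rejection arrives: the thread reports it both at MAIL FROM and at RCPT TO, depending on the setup.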