From owner-freebsd-ports-bugs@FreeBSD.ORG  Sat Aug  1 12:50:02 2009
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 65873106566B
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat,  1 Aug 2009 12:50:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 3F36B8FC17
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat,  1 Aug 2009 12:50:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n71Co2ra089313
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Sat, 1 Aug 2009 12:50:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n71Co2gB089312;
	Sat, 1 Aug 2009 12:50:02 GMT (envelope-from gnats)
Resent-Date: Sat, 1 Aug 2009 12:50:02 GMT
Resent-Message-Id: <200908011250.n71Co2gB089312@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, olli hauer <ohauer@gmx.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5C688106566B
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat,  1 Aug 2009 12:43:18 +0000 (UTC) (envelope-from ohauer@gmx.de)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.freebsd.org (Postfix) with SMTP id D08F48FC14
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat,  1 Aug 2009 12:43:17 +0000 (UTC) (envelope-from ohauer@gmx.de)
Received: (qmail invoked by alias); 01 Aug 2009 12:43:16 -0000
Received: from u18-124.dsl.vianetworks.de (EHLO u18-124.dsl.vianetworks.de)
	[194.231.39.124]
	by mail.gmx.net (mp017) with SMTP; 01 Aug 2009 14:43:16 +0200
Received: by u18-124.dsl.vianetworks.de (Postfix, from userid 1100)
	id 2224A2613F; Sat,  1 Aug 2009 14:43:11 +0200 (CEST)
Message-Id: <20090801124312.2224A2613F@u18-124.dsl.vianetworks.de>
Date: Sat,  1 Aug 2009 14:43:11 +0200 (CEST)
From: olli hauer <ohauer@gmx.de>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: ohauer@gmx.de
Subject: ports/137333: [patch] port security/amavisd-new (Amavis should not
	send DSN if D_REJECT is active)
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: olli hauer <ohauer@gmx.de>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Aug 2009 12:50:02 -0000


>Number:         137333
>Category:       ports
>Synopsis:       [patch] port security/amavisd-new (Amavis should not send DSN if D_REJECT is active)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 01 12:50:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     ohauer
>Release:        FreeBSD 7.2-RELEASE i386
>Organization:
>Environment:


>Description:
In a setup with amavisd-new and postfix it can happened that two bounces are sent
back to the sender if the following condition match.
 - amavisd-new as smtpd_proxy_filter filter for postfix
 - postfix rejects the mail in a later state

For details see discussion here:
 http://www.mail-archive.com/amavis-user@lists.sourceforge.net/msg14060.html

-- snipped from discussion --
> If reinjection of mail fails, Amavis will send a DSN back to the sender to
> notify him about this failure.
>
> But if D_REJECT is active this leads to *2* DSN back to the user: One DSN
> from the sending MTA (because Amavis blocks that mail to the feeding
> MTA), second DSN from Amavis himself.

please see additional my PR 136151 from 29 Jun 2009

>How-To-Repeat:
>Fix:

--- patch_amavisd-new_2009-08-01 begins here ---
--- amavisd.orig	2009-06-25 14:39:01.000000000 +0200
+++ amavisd	2009-08-01 13:51:53.000000000 +0200
@@ -1492,6 +1492,7 @@
     CC_BANNED,      sub { c('final_banned_destiny') },
     CC_SPAM,        sub { c('final_spam_destiny') },
     CC_BADH,        sub { c('final_bad_header_destiny') },
+    CC_MTA.',2',    D_REJECT,
     CC_OVERSIZED,   D_BOUNCE,
     CC_CATCHALL,    D_PASS,
   );
@@ -11316,6 +11317,32 @@
         $r->blocking_ccat($blocking_ccat) if !defined($r->blocking_ccat);
         $msginfo->blocking_ccat($blocking_ccat)
                                           if !defined($msginfo->blocking_ccat);
+        my($final_destiny) =
+          $r->setting_by_contents_category(cr('final_destiny_by_ccat'));
+        if ($final_destiny == D_PASS) {
+          $final_destiny = D_REJECT;  # impossible to pass, change to reject
+        }
+        local($1,$2);
+        $r->recip_destiny($final_destiny);
+        if ($final_destiny == D_DISCARD && $smtp_resp =~ /^5/) {
+          $smtp_resp =~ s{^5(\d\d) 5(\.\d\.\d)}{250 2$2};  # 5xx -> 250
+        }
+        my($smtp_reason) =  # get the custom smtp response reason text
+          $r->setting_by_contents_category(cr('smtp_reason_by_ccat'));
+        $smtp_reason = '' if !defined $smtp_reason;
+        if ($smtp_reason ne '') {
+          my(%mybuiltins) = %builtins;  # make a local copy
+          $smtp_reason = expand(\$smtp_reason, \%mybuiltins);
+          $smtp_reason = !ref($smtp_reason) ? '' : $$smtp_reason;
+          chomp($smtp_reason); $smtp_reason = sanitize_str($smtp_reason,1);
+          $smtp_reason = substr($smtp_reason,0,100) . "..."
+            if length($smtp_reason) > 100+3;
+        }
+        $smtp_resp =~ /^(\d\d\d(?: \d\.\d\.\d)?)\s*(.*)\z/;
+        my($dis) = $final_destiny == D_DISCARD ? ' Discarded' : '';
+        $r->recip_smtp_response("$1$dis $smtp_reason, $2");
+        $r->recip_done(1); # fake a delivery (confirm delivery to a bit bucket)
+        # note that 5xx status rejects may later be converted to bounces
       }
       $msginfo->header_edits($hdr_edits); # restore original edits just in case
       $elapsed{'TimeElapsedForwarding'} = Time::HiRes::time - $t0_sect;
@@ -17774,23 +17801,21 @@
 #
 sub enhance_smtp_response($$$$$) {
   my($smtp_resp,$am_id,$mta_id,$dflt_enhcode,$cmd_name) = @_;
-  local($1,$2,$3); my($resp_shortmsg,$resp_msg);
+  local($1,$2,$3); my($resp_msg);
   my($resp_code,$resp_enhcode) = ('451', '4.5.0');
   if (!defined($smtp_resp) || $smtp_resp eq '') {
-    $resp_shortmsg = 'No resp. to '.$cmd_name;
+    $smtp_resp = sprintf('No resp. to %s', $cmd_name);
   } elsif ($smtp_resp !~ /^[245]\d{2}/) {
-    $resp_shortmsg = 'Bad resp. to '.$cmd_name;
+    $smtp_resp = sprintf('Bad resp. to %s: %s', $cmd_name,$smtp_resp);
   } elsif ($smtp_resp =~ /^ (\d{3}) [ \t]+ ([245] \. \d{1,3} \. \d{1,3})?
                           \s* (.*) \z/xs) {
     ($resp_code, $resp_enhcode, $resp_msg) = ($1, $2, $3);
     my($c) = substr($resp_code,0,1);
     if ($resp_enhcode eq '' && $resp_code =~ /^[245]/)
       { $resp_enhcode = $dflt_enhcode; $resp_enhcode =~ s/^\d*/$c/ }
-    $resp_shortmsg = $c eq '2' ? 'Ok' : $c eq '4' ? 'TempFailed' : 'Failed';
   }
-  sprintf("%s %s %s, id=%s, from MTA(%s): %s",
-          $resp_code, $resp_enhcode, $resp_shortmsg,
-          $am_id, $mta_id, $smtp_resp);
+  sprintf("%s %s from MTA(%s): %s",
+          $resp_code, $resp_enhcode, $mta_id, $smtp_resp);
 }
 
 # Send mail using SMTP - single transaction
--- patch_amavisd-new_2009-08-01 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: