Message-Id: <199804061325.QAA01395@relay.ucb.crimea.ua>
Date: Mon, 6 Apr 1998 16:25:51 +0300 (EEST)
From: Ruslan Ermilov
Reply-To: ru@ucb.crimea.ua
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: conf/6226: sendmail.cf.additions: wrong SMTP reply codes

>Number: 6226
>Category: conf
>Synopsis: sendmail.cf.additions: wrong SMTP reply codes
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 6 06:30:01 PDT 1998
>Last-Modified:
>Originator: Ruslan Ermilov
>Organization:
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
/etc/mail/sendmail.cf.additions
RFC 821
RFC 1893
http://www.sendmail.org/antispam.html
>Description:
Anti-spam rules in sendmail.cf.additions:
1) use wrong SMTP reply codes.
2) don't use enhanced error codes, as described in RFC 1893.

I. Wrong SMTP reply codes

All check_* rulesets may return an error. The error message returned consists of an optional three-digit SMTP reply code, as defined in RFC 821, and a text message. The only exception is the check_relay ruleset: the error message returned (reply code and text) isn't actually used; instead, all future SMTP commands are rejected with "550 Access denied". That is why this and only this ruleset may return ANY reply code, e.g. 521. For sure, see the note for the check_relay ruleset on http://www.sendmail.org/antispam.html

For example,

$#error $: 521 $1

in the check_mail ruleset will result in the wrong SMTP reply code 521 (see RFC 821) and enhanced status code 5.0.0.

II. Enhanced error codes

All check_* rulesets, except check_relay (see above), can also return an enhanced mail system status code (RFC 1893), which is then used by the DSN mechanism. When it is not specified, sendmail assigns this error code automatically. Assigning this code explicitly can give a more precise description of the action taken.
For example,

$#error $@ 5.7.1 $: "550 Relaying Denied"

in check_rcpt will result in SMTP reply code 550 (Requested action not taken for some reason) and Enhanced Error Code 5.7.1 (Permanent Failure; Delivery not authorized, message refused) with additional text "Relaying Denied".
>How-To-Repeat:
Activate /etc/mail/sendmail.cf.additions and try.
>Fix:
The following two patches were made against RELENG_2_2. The first patch fixes SMTP reply codes returned. The second patch does the same plus it gives each error a suitable enhanced error code defined in RFC 1893.

Index: sendmail.cf.additions =================================================================== RCS file: /usr/FreeBSD-CVS/src/etc/mail/sendmail.cf.additions,v retrieving revision 1.1.2.3 diff -u -r1.1.2.3 sendmail.cf.additions --- sendmail.cf.additions 1998/03/05 18:33:20 1.1.2.3 +++ sendmail.cf.additions 1998/04/06 12:30:18 @@ -37,12 +37,12 @@ R$* $| $* $: <$1 $| $2> $1 R<$*> $+.$+.$+ <$1> $3.$4 R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $) -R<$*> $*.REJECT $#error $: 521 blocked. contact postmaster@$m +R<$*> $*.REJECT $#error $: 521 R<$*> $* $: $1 # host must NOT be in the "spamsites" database--END # ip address must NOT be in the "denyip" database--BEGIN R$* $| $* $: $1 $| $(denyip $2 $) -R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@$m +R$* $| $*.REJECT $#error $: 521 # ip address must NOT be in the "denyip" database--END R$* $@ OK @@ -69,7 +69,7 @@ R$+ @$+ $: <$1@$2> $2 R<$*> $+.$+.$+ <$1> $3.$4 R<$*> $* $: $(spamsites $2 $: OK $) -R$+.REJECT $#error $: 521 $1 +R$+.REJECT $#error $: 550 $1 R<$*> $* $: $1 # mail must NOT come from a known source of spam--END # Connecting Host must resolve--BEGIN 
@@ -96,7 +96,7 @@ # mail must NOT be addressed "fakenames"--BEGIN R$* $: <$1> $>3 $1 R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $) -R$+.REJECT $#error $: 521 $1 +R$+.REJECT $#error $: 550 $1 R<$*> $* $: $1 # mail must NOT be addressed "fakenames"--END # mail must come from or go to this machine or machines we allow to relay--BEGIN Index: sendmail.cf.additions =================================================================== RCS file: /usr/FreeBSD-CVS/src/etc/mail/sendmail.cf.additions,v retrieving revision 1.1.2.3 diff -u -r1.1.2.3 sendmail.cf.additions --- sendmail.cf.additions 1998/03/05 18:33:20 1.1.2.3 +++ sendmail.cf.additions 1998/04/06 12:55:59 @@ -37,12 +37,12 @@ R$* $| $* $: <$1 $| $2> $1 R<$*> $+.$+.$+ <$1> $3.$4 R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $) -R<$*> $*.REJECT $#error $: 521 blocked. contact postmaster@$m +R<$*> $*.REJECT $#error $: 521 R<$*> $* $: $1 # host must NOT be in the "spamsites" database--END # ip address must NOT be in the "denyip" database--BEGIN R$* $| $* $: $1 $| $(denyip $2 $) -R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@$m +R$* $| $*.REJECT $#error $: 521 # ip address must NOT be in the "denyip" database--END R$* $@ OK 
@@ -63,24 +63,24 @@ # remove all RFC-822 comments--END # mail must come from a DNS resolvable host--BEGIN R$* < @ $+ . > $: $1 @ $2 -R$* < @ $+ > $#error $: "451 Domain does not resolve" +R$* < @ $+ > $#error $@ 4.1.8 $: "451 Domain does not resolve" # mail must come from a DNS resolvable host--END # mail must NOT come from a known source of spam--BEGIN R$+ @$+ $: <$1@$2> $2 R<$*> $+.$+.$+ <$1> $3.$4 R<$*> $* $: $(spamsites $2 $: OK $) -R$+.REJECT $#error $: 521 $1 +R$+.REJECT $#error $@ 5.7.1 $: 550 $1 R<$*> $* $: $1 # mail must NOT come from a known source of spam--END # Connecting Host must resolve--BEGIN R$* $: $1 $: $(dequote "" $&{client_name} $) R$* $: $>3 foo@$1 -R<$*> $*<@$*> $#error $: "451 Domain does not resolve" +R<$*> $*<@$*> $#error $@ 4.1.8 $: "451 Domain does not resolve" # Connecting Host must resolve--END # ip address must NOT be in Paul Vixie's RBL--BEGIN R$* $: $1 $: $(dequote "" $&{client_addr} $) R$* $: $>check_rbl $1 -R$*.com. $#error $: "550 Mail refused, see http://maps.vix.com/rbl" +R$*.com. $#error $@ 5.7.1 $: "550 Mail refused, see http://maps.vix.com/rbl" # ip address must NOT be in Paul Vixie's RBL--END R$* $@ OK @@ -96,7 +96,7 @@ # mail must NOT be addressed "fakenames"--BEGIN R$* $: <$1> $>3 $1 R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $) -R$+.REJECT $#error $: 521 $1 +R$+.REJECT $#error $@ 5.2.1 $: 550 $1 R<$*> $* $: $1 # mail must NOT be addressed "fakenames"--END # mail must come from or go to this machine or machines we allow to relay--BEGIN @@ -108,7 +108,7 @@ # R$=w $@ OK # R$* $=R $@ OK # R$@ $@ OK -# R$* $#error $: "550 Relaying Denied" +# R$* $#error $@ 5.7.1 $: "550 Relaying Denied" # mail must come from or go to this machine or machines we allow to relay--END R$* $@ OK >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
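
Review bot: In both diffs the @@ -37,12 hunk leaves the two .REJECT rules as a bare "$#error $: 521", with nothing in the file saying why 521 is tolerated here while every other hunk moves away from it. The report's reasoning (this ruleset's reply code and text are not used, and later commands are rejected with "550 Access denied") should go into a comment next to these two rules, so that nobody copies 521 into another ruleset or restores the removed "blocked. contact postmaster@$m" text expecting the client to see it.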
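
Review bot: In the @@ -63,24 hunk of the second diff, the "Connecting Host must resolve" rule gets the same 4.1.8 and the same text "451 Domain does not resolve" as the sender-domain rule at the top of the hunk, although it tests $&{client_name} and not an envelope address. RFC 1893 defines X.1.8 as a bad sender's system address, so a log line or DSN cannot tell the two checks apart. Consider a distinct text for the client-name rule and a status code that does not point at the sender address, for example one from the X.7.x security or policy group.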
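
Review bot: In the @@ -96,7 hunk of the second diff, the fakenames rule is given 5.2.1 while its text is still $1, taken from the workspace after the fakenames lookup. RFC 1893 X.2.1 means "mailbox disabled, not accepting messages", and the text supplied at run time may say something else. Either add a comment stating that every fakenames entry is to be reported as a disabled mailbox, or use 5.7.1 as in the spamsites rule if these are policy rejections, so that code and text stay consistent.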
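
The reply-code and enhanced-code points from sections I and II of the report, written as a small lint over $#error rule lines. This is an added example, not code from the report or from sendmail; the ruleset names attached to the sample lines and the check that the enhanced code's class digit matches the reply code's first digit are assumptions of the example.

```python
import re

# Reply codes defined in RFC 821.
RFC821_CODES = {211, 214, 220, 221, 250, 251, 354, 421, 450, 451, 452,
                500, 501, 502, 503, 504, 550, 551, 552, 553, 554}

# "$#error", an optional "$@ class.subject.detail", then "$:" followed by an
# optional three-digit reply code (possibly inside double quotes).
ERROR_RHS = re.compile(
    r'\$#error\s+(?:\$@\s*(?P<dsn>\d\.\d{1,3}\.\d{1,3})\s+)?'
    r'\$:\s*"?(?P<smtp>\d{3})?(?!\d)')

def lint_rule(line, ruleset):
    """Return a list of findings for one rule line of a check_* ruleset."""
    m = ERROR_RHS.search(line)
    if not m or line.lstrip().startswith("#"):
        return []  # no $#error action, or a commented-out rule
    if ruleset == "check_relay":
        return []  # per the report, its reply code and text are not used
    findings = []
    smtp, dsn = m.group("smtp"), m.group("dsn")
    if smtp is None:
        findings.append("no SMTP reply code")
    elif int(smtp) not in RFC821_CODES:
        findings.append(f"{smtp} is not an RFC 821 reply code")
    if dsn is None:
        findings.append("no enhanced status code")
    elif smtp and dsn[0] != smtp[0]:
        findings.append(f"class of {dsn} does not match reply code {smtp}")
    return findings

# Constructed sample: rule lines copied from the report's diffs, plus one
# deliberately mismatched line (4.x.x status with a 550 reply). The ruleset
# names are assigned here for illustration.
SAMPLE = [
    ("check_mail", 'R$+.REJECT $#error $: 521 $1'),
    ("check_mail", 'R$+.REJECT $#error $@ 5.7.1 $: 550 $1'),
    ("check_mail", 'R$* < @ $+ > $#error $@ 4.1.8 $: "451 Domain does not resolve"'),
    ("check_rcpt", 'R$* $#error $@ 4.1.8 $: "550 Relaying Denied"'),
    ("check_relay", 'R$* $| $*.REJECT $#error $: 521'),
]

def lint_all(rules=SAMPLE):
    return [(rs, line, lint_rule(line, rs)) for rs, line in rules]

if __name__ == "__main__":
    for rs, line, found in lint_all():
        print(f"{rs:12} {line}\n{'':12} -> {found or 'ok'}")
```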