Blocked ip not blocked - Spew.Spew.Net


Post by Michael Rawl » Sat, 26 Sep 1998 04:00:00



    Has anyone else experienced problems with Sendmail 8.9.1 not blocking a
domain name entered into the access list?
  I have the following line in my access file:

da.uu.net       REJECT  No spam from you.

Yet UU.Net dial-ups pass right past the reject like it is not there.  Email
addresses do get blocked.  See log below:

Sep 25 14:31:17 user2.dancris.com sendmail[11768]: connect from 1Cust109.tnt1.sylva.nc.da.uu.net
Sep 25 14:31:41 user2.dancris.com sendmail[11800]: OAA11800:


relay=1Cust109.tnt1.sylva.nc.da.uu.net [208.254.171.109]

I did run  makemap on the access file after adding da.uu.net.  I tried both
REJECT and 550.

M. Rawls

 
 
 


Post by Claus Assma » Sun, 27 Sep 1998 04:00:00


"Michael Rawls" writes:
>    Has anyone else experienced problems with Sendmail 8.9.1 not blocking a
>domain name entered into the access list?
>  I have the following line in my access file:
>da.uu.net   REJECT  No spam from you.
>Yet UU.Net dial-ups pass right past the reject like it is not there.  Email
>addresses do get blocked.  See log below:

Does your access map work at all?
Taken from
http://www.informatik.uni-kiel.de/%7Eca/email/chk-dbg.html

Problems with FEATURE(access_db)

If your access map doesn't work, try the following:

  1. You didn't forget to actually create the map? Use the makemap(8)
     command, e.g., makemap hash /etc/mail/access </etc/mail/access
  2. Remove the '-o' option and test again. Now sendmail will complain if
     there are problems with the map, like: unsafe map file.
  3. Use the debug mode to test the entries:

     sendmail -bt
     > /map access ENTRY

     where ENTRY is something which is on the LHS of the map. It should
     return the RHS, e.g.,

     map_lookup: access (ENTRY) returns "550 no mail from ENTRY" (0)

Please try step 2 and 3. If 2. fails, see the file README.
--
<URL: http://www.informatik.uni-kiel.de/%7Eca/ >
Please don't send me copies of usenet postings. Thanks!
Warning: the From: address is "spam protected". Make sure
you use "reply" if you want to send me e-mail.
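
Step 3 above, applied to the case in this thread, as an added example that is not part of the original posts: the shell functions below build one `/map` test line for the connecting host name, each of its parent domains, the IP address and each shorter prefix, and pick the keys that returned a value out of the `sendmail -bt` output. The function names are hypothetical, and the list of candidate keys is an assumption about which left-hand sides an access-style lookup may try.

```shell
#!/bin/sh
# Added example (not from the thread). Builds "/map" test lines for
# "sendmail -bt" and filters its output for keys that matched.
# Assumption: the candidate keys are the host name, every parent
# domain, the IP address and every shorter dotted prefix of it.

# Print the host name followed by each parent domain, one per line.
domain_keys() {
    name=$1
    while :; do
        printf '%s\n' "$name"
        case $name in
            *.*) name=${name#*.} ;;   # drop the leftmost label
            *)   break ;;
        esac
    done
}

# Print the IP address followed by each shorter prefix, one per line.
ip_keys() {
    addr=$1
    while :; do
        printf '%s\n' "$addr"
        case $addr in
            *.*) addr=${addr%.*} ;;   # drop the rightmost octet
            *)   break ;;
        esac
    done
}

# Emit one "/map MAP KEY" line per candidate key.
map_test_lines() {
    map=$1 host=$2 ip=$3
    { domain_keys "$host"; ip_keys "$ip"; } |
    while IFS= read -r key; do
        printf '/map %s %s\n' "$map" "$key"
    done
}

# Read "sendmail -bt" output on stdin and print only the keys whose
# lookup returned a value ("map_lookup: MAP (KEY) returns ...").
matched_keys() {
    sed -n 's/.*map_lookup: [^ ]* (\([^)]*\)) returns .*/\1/p'
}

# Stand-alone use:  sh thisfile MAP HOST IP | sendmail -bt | matched_keys
if [ "$#" -eq 3 ]; then
    map_test_lines "$@"
fi
```

If `matched_keys` prints da.uu.net but the daemon still accepts the connection, the map itself is fine and the fault lies in how the ruleset performs the lookup at connect time.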

 
 
 


Post by Michael Rawl » Mon, 28 Sep 1998 04:00:00


Claus Assmann <ca+sendm...@mine.informatik.uni-kiel.de> wrote in article
<6uj1b7$...@mine.informatik.uni-kiel.de>...

> "Michael Rawls" writes:

> >    Has anyone else experienced problems with Sendmail 8.9.1 not blocking a
> >domain name entered into the access list?
> >  I have the following line in my access file:

> >da.uu.net      REJECT  No spam from you.

> >Yet UU.Net dial-ups pass right past the reject like it is not there.  Email
> >addresses do get blocked.  See log below:

> Does your access map work at all?

   It works for email addresses and fully qualified domain names that
resolve to an ip address, but "da.uu.net" by itself resolves to nothing.
It is always part of a larger domain name "1Cust149.tnt3.lax1.da.uu.net"

C:\>nslookup
Default Server:  user1.dancris.com
Address:  204.177.80.10

> da.uu.net

Server:  user1.dancris.com
Address:  204.177.80.10

Name:    da.uu.net


I tried using Sendmail 8.8.8 with the hacks found in the RedHat linux
sendmail, and I am getting the same results. Below applies to sendmail
8.8.8

============================
  I tried the "sendmail -bt" to test and it showed the map entry;

============================
bash-2.01# ./sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>

> /map junk da.uu.net

map_lookup: junk (da.uu.net) returns Blocked for spam by SysAdmin@JUNK (0)

=============================
But after I removed the da.uu.net entry from the hosts.deny the following
entry was made in the syslog;

Sep 27 12:01:19 user2.dancris.com sendmail[16321]: connect from 1Cust149.tnt3.lax1.da.uu.net
Sep 27 12:01:22 user2.dancris.com sendmail[16322]: MAA16322: from=<merchant1@indiasite.com>, size=2332, class=0, pri=32332, nrcpts=1, msgid=<NetContact.9/26/98.56360.69.mercha...@indiasite.com>, proto=ESMTP, relay=r...@1Cust149.tnt3.lax1.da.uu.net [208.251.117.149]
Sep 27 12:01:22 user2.dancris.com sendmail[16324]: MAA16322: to=<tbarclay@dancris.com>, delay=00:00:02, xdelay=00:00:00, mailer=local, stat=Sent
==============================
My .mc file looks like this;

divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
#       The Regents of the University of California.  All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#       This product includes software developed by the University of
#       California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

#
#  This is a generic configuration file for SunOS 4.1.x.
#  It has support for local and SMTP mail only.  If you want to
#  customize it, copy it to a name appropriate for your environment
#  and do the modifications there.
#

divert(0)dnl
VERSIONID(`@(#)generic-sunos4.1.mc      8.3 (Berkeley) 3/23/96')
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
FEATURE(virtusertable, dbm -o /etc/mail/virtusertable)
# MAILER(local)dnl
MAILER(procmail)
MAILER(smtp)
HACK(check_mail3,`dbm -a@JUNK /etc/mail/deny')
HACK(use_ip,`/etc/mail/ip_allow')
HACK(use_names,`/etc/mail/name_allow')
HACK(use_relayto,`/etc/mail/relay_allow')
HACK(check_rcpt4)
HACK(check_relay3)
bash-2.01#
=========================
The sendmail.cf looks like this;

bash-2.01# cat sendmail.cf
#
# Copyright (c) 1983, 1995 Eric P. Allman
# Copyright (c) 1988, 1993
#       The Regents of the University of California.  All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#       This product includes software developed by the University of
#       California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

######################################################################
######################################################################
#####
#####           SENDMAIL CONFIGURATION FILE
#####
##### built by r...@user2.dancris.com on Sun Sep 27 11:53:03 MST 1998
##### in /home/m/mrawls/sendmail-8.8.8/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
######################################################################

#####  @(#)cfhead.m4    8.9 (Berkeley) 1/18/97  #####
#####  @(#)cf.m4        8.24 (Berkeley) 8/16/95  #####
#####  @(#)generic-sunos4.1.mc  8.3 (Berkeley) 3/23/96  #####

#####  @(#)solaris2.m4  8.9 (Berkeley) 9/25/96  #####

#####  @(#)generic.m4   8.3 (Berkeley) 3/24/96  #####

#####  @(#)redirect.m4  8.5 (Berkeley) 8/17/96  #####

#####  @(#)use_cw_file.m4       8.1 (Berkeley) 6/7/93  #####

#####  @(#)redirect.m4  8.5 (Berkeley) 8/17/96  #####

#####  @(#)always_add_domain.m4 8.1 (Berkeley) 6/7/93  #####

#####  @(#)use_cw_file.m4       8.1 (Berkeley) 6/7/93  #####

#####  @(#)local_procmail.m4    8.6 (Berkeley) 10/20/96  #####

#####  @(#)virtusertable.m4     8.1 (Berkeley) 2/11/96  #####

#

#####  @(#)check_mail.m4        3.3 (Claus Assmann) 1997-08-05  #####

#####  @(#)use_ip.m4    1.0 (Claus Assmann) 1996-11-23  #####

#####  @(#)use_names.m4 1.0 (Claus Assmann) 1996-11-23  #####

#####  @(#)use_relayto.m4       1.0 (Claus Assmann) 1996-11-23  #####

#####  @(#)check_rcpt4.m4       2.4 (Claus Assmann) 1997-08-28  #####

#####  @(#)check_relay.m4       3.0 (Claus Assmann) 1997-06-01  #####

#####  @(#)proto.m4     8.151 (Berkeley) 7/31/97  #####

# level 7 config file format
V7/Berkeley

##################
#   local info   #
##################

Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/sendmail.cw

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM

CP.

# "Smart" relay host (may be null)
DS

# place to which unknown users should be forwarded
#Kuser user -m -a<>
#DLname_of_luser_relay

# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[

# Mailer table (overriding domains)
#Kmailertable dbm /etc/mailertable

# Domain table (adding domains)
#Kdomaintable dbm /etc/domaintable

# Generics table (mapping outgoing addresses)
#Kgenerics dbm /etc/genericstable

# Virtual user table (maps incoming users)
Kvirtuser dbm -o /etc/mail/virtusertable

# who I send unqualified names to (null means deliver locally)
DR

# who gets all local email traffic ($R has precedence for unqualified names)
DH

# dequoting map
Kdequote dequote

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
#CL root
CE root

# who I masquerade as (null for no masquerading) (see also $=M)
DM

# my name for error messages
DnMAILER-DAEMON

CPREDIRECT

CPREDIRECT

# file containing full e-mail addresses of spammers (for check_mail):
# spam...@address.domain "Error-Code ...


 
 
 


Post by Claus Assma » Tue, 29 Sep 1998 04:00:00


"Michael Rawls" writes:
>bash-2.01# ./sendmail -bt
>> /map junk da.uu.net

>Sep 27 12:01:22 user2.dancris.com sendmail[16322]: MAA16322:

>.uu.net [208.251.117.149]

Do you really run sendmail 8.8.8?
Please try this:
Add
S76
R$* $$| $*      $1 $| $2        fake for -bt

to your .cf file and then run:
sendmail -bt -d0.5 -d21.4

> 76,check_relay 1Cust149.tnt3.lax1.da.uu.net $| 208.251.117.149

What's the output of that?

PS: sendmail .cf files shouldn't be posted, nobody reads them...
--
<URL: http://www.informatik.uni-kiel.de/%7Eca/ >
Please don't send me copies of usenet postings. Thanks!
Warning: the From: address is "spam protected". Make sure
you use "reply" if you want to send me e-mail.

 
 
 


Post by Michael Rawl » Tue, 29 Sep 1998 04:00:00



> Do you really run sendmail 8.8.8?

  I switched to sendmail 8.8.8 with the anti-relay hacks installed to see
if it would block "da.uu.net" after Sendmail 8.9.1 let "da.uu.net" pass
right through, but I am having the same problem with Sendmail 8.8.8.  I'll
try what you just suggested later today and post the results.
 So far both sendmail 8.8.8 with anti relay and Sendmail 8.9.1 will block a
domain name if it is in the return address of the spam, but not if the
return address does not contain the blocked connect domain. (ex. From:

da.uu.net is the blocked domain)  Anti-relay does work. I have my
suspicions about blocking by ip address, but I'm not sure about that one
yet.

Michael Rawls

 
 
 


Post by Michael Rawl » Tue, 29 Sep 1998 04:00:00



> Please try this:
> Add
> S76
> R$* $$| $* $1 $| $2        fake for -bt

> to your .cf file and then run:
> sendmail -bt -d0.5 -d21.4
> > 76,check_relay 1Cust149.tnt3.lax1.da.uu.net $| 208.251.117.149

> What's the output of that?

===========
As requested..
===========

bash-2.01# ./sendmail -bt -d0.5 -d21.4
Version 8.8.8
 Compiled with: LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET
                NETUNIX QUEUE SCANF SMTP XDEBUG
canonical name: user2.dancris.com
        a.k.a.: user2
 UUCP nodename: user2.dancris.com
        a.k.a.: user2
        a.k.a.: loghost
        a.k.a.: [204.177.80.12]
        a.k.a.: [127.0.0.1]
        a.k.a.: [204.177.81.12]
        a.k.a.: [204.177.82.12]
        a.k.a.: ip-82-12.phx.dialup.dancris.com

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = user2
  (canonical domain name) $j = user2.dancris.com
         (subdomain name) $m = dancris.com
              (node name) $k = user2.dancris.com
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>

> 76,check_relay 1Cust149.tnt3.lax1.da.uu.net $| 208.251.117.149

rewrite: ruleset  76   input: 1Cust149 . tnt3 . lax1 . da . uu . net $| 208 . 251 . 117 . 149
rewritten as: 1Cust149 . tnt3 . lax1 . da . uu . net $| 208 . 251 . 117 . 149
rewrite: ruleset  76 returns: 1Cust149 . tnt3 . lax1 . da . uu . net $| 208 . 251 . 117 . 149
rewrite: ruleset 191   input: 1Cust149 . tnt3 . lax1 . da . uu . net $| 208 . 251 . 117 . 149
-----callsubr junkIP (192)
rewrite: ruleset 192   input: 208 . 251 . 117 . 149
rewritten as: 208 . 251 . 117 . 149
rewritten as: 208 . 251 . 117 . 149
rewritten as: 208 . 251 . 117 . 149
rewritten as: 208 . 251 . 117 . 149
rewrite: ruleset 192 returns: 208 . 251 . 117 . 149
rewritten as: 1Cust149 . tnt3 . lax1 . da . uu . net $| 208 . 251 . 117 . 149
-----callsubr junk (196)



-----callsubr junk (196)



-----callsubr junk (196)



-----callsubr junk (196)




JUNK >


JUNK >


JUNK >


JUNK >



Dancris SysAdmin
 
 
 


Post by Steffen Kirsch » Wed, 30 Sep 1998 04:00:00




>"Michael Rawls" writes:

>>bash-2.01# ./sendmail -bt
>>> /map junk da.uu.net

>>Sep 27 12:01:22 user2.dancris.com sendmail[16322]: MAA16322:


>>.uu.net [208.251.117.149]

>Do you really run sendmail 8.8.8?
>Please try this:
>Add
>S76
>R$* $$| $*  $1 $| $2        fake for -bt

>to your .cf file and then run:
>sendmail -bt -d0.5 -d21.4
>> 76,check_relay 1Cust149.tnt3.lax1.da.uu.net $| 208.251.117.149

>What's the output of that?

I had a similar problem. In rule test mode everything looked fine. But
when trying it over a "real" smtp connection the check_relay
ruleset failed. Why? I still don't know. I've seen that the map lookup
went wrong because the query string was passed tokenized, which means
there was a lookup just for the first token. (In the case above this
would have been "1Cust149".)

Next thing I tried: compile 8.9.1, use the old sendmail.cf
and: It worked as expected.

regards

steffen.

p.s. It was only two days of searching for the problem and wasting
time :-(

 
 
 


Post by Claus Assma » Wed, 30 Sep 1998 04:00:00


"Michael Rawls" writes:
>bash-2.01# ./sendmail -bt -d0.5 -d21.4
>Version 8.8.8
>> 76,check_relay 1Cust149.tnt3.lax1.da.uu.net $| 208.251.117.149


So now we know it works in principle...
And you run 8.8.8, so you don't have the problem with maps
that are not open in check_relay.

Hmm... now it's getting complicated.

You could try it now in daemon mode:

add a domain to the class and try to connect from there.
To get useful information, run the sendmail daemon on
another port and with debugging turned on:
sendmail -bD -d21.4 -O DaemonPortOptions=Port=1234
(maybe also other debug flags, depending on the output
you see).

There must be some problem with your binary
(see another posting about this, but you wrote the
same error occurs with 8.9...).
--
<URL: http://www.informatik.uni-kiel.de/%7Eca/ >
Please don't send me copies of usenet postings. Thanks!
Warning: the From: address is "spam protected". Make sure
you use "reply" if you want to send me e-mail.

 
 
 


Post by Eelco M Glas » Wed, 14 Oct 1998 04:00:00



> "Michael Rawls" writes:

> >bash-2.01# ./sendmail -bt -d0.5 -d21.4
> >Version 8.8.8

> >> 76,check_relay 1Cust149.tnt3.lax1.da.uu.net $| 208.251.117.149

> So now we know it works in principle...
> And you run 8.8.8, so you don't have the problem with maps
> that are not open in check_relay.

hello all,

sorry for the delayed follow-up, i just came across this posting looking
for the solution of a similar problem.  i found one:

when running 'sendmail -bt -d0.5 -d21.4' (with sendmail-8.9.1a) i got:

/map access some.host.name.xyz
map "access" not open.

then i realized that i built sendmail with db-2.4.10 but didn't do the
same with makemap.  so after rebuilding makemap with
"-I/usr/local/include" and "-L/usr/local/lib" both sendmail and makemap
were using the same db-version and the access.db worked again..

hope this helps with 8.8.8 too,
emg

> Hmm... now it's getting complicated.

> You could try it now in daemon mode:

> add a domain to the class and try to connect from there.
> To get useful information, run the sendmail daemon on
> another port and with debugging turned on:
> sendmail -bD -d21.4 -O DaemonPortOptions=Port=1234
> (maybe also other debug flags, depending on the output
> you see).

> There must be some problem with your binary
> (see another posting about this, but you wrote the
> same error occurs with 8.9...).
> --
> <URL: http://www.informatik.uni-kiel.de/%7Eca/ >
> Please don't send me copies of usenet postings. Thanks!
> Warning: the From: address is "spam protected". Make sure
> you use "reply" if you want to send me e-mail.

--
#  Eelco M. Glasl, System Engineer   TechConsult Salzburg GmbH  #
#  Jakob-Haringer-Strasse 1          Web: http://www.tcs.co.at  #
#  A-5020 Salzburg / Austria         Phone: ++43.662.452488-42  #
 
 
 
