1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • Weird issue scanning subject lines to reject/discard the email

    From Jobst Schmalenbach@21:1/5 to All on Fri Jun 18 17:50:53 2021
    I have this part of my LOCAL_RULESETS in my sendmail.mc.
    There are NO ERRORS reported when creating sendmail.cf.

    F{FullSubjects} -o /etc/mail/subjects_full
    F{PartSubjects} -o /etc/mail/subjects_part
    HSubject: $>CheckSubject
    SCheckSubject
    R$={FullSubjects}$*[TAB]$: REJECTSUBJECT
    R$* $={PartSubjects} $*[TAB]$: REJECTSUBJECT
    R$* REJECTSUBJECT $*[TAB]$#error $: "553 Access Denied."

    In subjects_part I have lots of lines, but for the purpose of this question I give a few examples only (the ones that matter):

    bamboo.fiber
    its.freya
    better.ranking
    free.report
    free.audit
    free.analysis
    bamboo.socks

    Now ssh'ing into another machine and I use
    mail -s "BambOo socks" EMAIL@MYDOMAIN.COM < MSGBODYFILE
    mail -s "blah Better ranking blah" EMAIL@MYDOMAIN.COM < MSGBODYFILE
    mail -s "better ranking" EMAIL@MYDOMAIN.COM < MSGBODYFILE

    the ruleset works perfectly and the email is rejected.
    MSGBODYFILE is just a text file containg a few lines of random TXT.

    If I use
    mail -s "free report" EMAIL@MYDOMAIN.COM < MSGBODYFILE
    mail -s "free audit" EMAIL@MYDOMAIN.COM < MSGBODYFILE
    mail -s "blah free audit blah" EMAIL@MYDOMAIN.COM < MSGBODYFILE

    the ruleset does NOT work, the email will be accepted.

    I have absolute no idea why. I tried a few other examples inside the subjects_part file and most of them work, a few do not.

    I cannot figure out what the difference is between
    better.ranking
    and
    free.audit
    both are TEXT, both are in the same file, both are used using the SAME command, same computer, same OS, same everything.

    The only difference are a few chars.

    Please help, I cannot spot the difference.
    Also how could I debug this?

    thanks
    Jobst

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Jobst Schmalenbach on Sat Jun 19 09:00:39 2021
    Jobst Schmalenbach wrote:

    F{FullSubjects} -o /etc/mail/subjects_full

    Do not use -o, you want to get an error if there is a problem loading
    the file, right?

    I have absolute no idea why. I tried a few other examples inside the subjects_part
    file and most of them work, a few do not.

    Did you change the file after you started the daemon?

    Also how could I debug this?

    As a start you could log the input for the ruleset, something like:

    Klog syslog
    ...
    SCheckSubject
    R$* $: $(log subject:$1 $) $1
    ...

    Recent sendmail versions have an FFR to dynamically change debugging
    levels, that could be the next step.
    _FFR_SETDEBUG_MAP /* setdebug map -- set debug levels */
    But sendmail -bt testing could be sufficient.


    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jobst Schmalenbach@21:1/5 to All on Mon Jun 21 06:24:43 2021
    On Saturday, 19 June 2021 at 19:05:01 UTC+10, Claus Aßmann wrote:
    Jobst Schmalenbach wrote:
    ...
    SCheckSubject
    R$* $: $(log subject:$1 $) $1
    ...

    I have a few milters running so I have access to the subject line through them. However, this way I can see the exact string as it is parsed.
    So thanks, Claus.


    Recent sendmail versions have an FFR to dynamically change debugging
    levels, that could be the next step.
    _FFR_SETDEBUG_MAP /* setdebug map -- set debug levels */

    I am bound to CentOS rpms ... I know I can compile a version myself but
    due to time restrictions I just use what is provided, my version is 8.14

    But sendmail -bt testing could be sufficient.

    This is a main server, so I need to do this when load is low.

    The orginal file had >1400 lines in it as I appended new spam (subject) lines to the end of the file. I have currently chopped it down to ~950 (mostly from the beginning).

    It currently seems to work ... it is rejecting happily all of the lines I have appended lately (last 2 months).
    I will replace it with the original file and use the "-bt" switch and see what happens.

    thanks

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Jobst Schmalenbach on Mon Jun 21 17:48:24 2021
    Jobst Schmalenbach wrote:

    But sendmail -bt testing could be sufficient.

    This is a main server, so I need to do this when load is low.

    sendmail -bt doesn't add any load, it's just a command line "debugging"
    tool. Check the man page (and the content of "helpfile").
    You can even copy the binary, the cf file, your "subject" files, etc
    to another machine (same OS etc) for testing.


    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)