1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • FEATURE dnsbl doesn't do anything

    From Marco Moock@21:1/5 to All on Thu Nov 23 19:46:23 2023
    Hello!

    On a test system I am trying to implement dnsbl.

    Although, there are no DNS lookups at all for it.
    Other DNS lookups like PTR are there (verified with a network sniffer).

    Also, there is no DNS cache on that system.


    divert(0)dnl
    define(`_USE_ETC_MAIL_')dnl
    include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
    VERSIONID(`$Id: sendmail.mc, v 8.17.1.9-2 2023-01-11 23:26:28 cowboy
    Exp $') OSTYPE(`debian')dnl
    DOMAIN(`debian-mta')dnl
    FEATURE(`no_default_msa')dnl
    DAEMON_OPTIONS(`Family=inet6, Name=MTA, Port=smtp')dnl define(`confPRIVACY_FLAGS', `needmailhelo,noetrn,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
    define(`confTO_IDENT', `0')dnl define(`confCONNECTION_RATE_THROTTLE',
    `15')dnl define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl FEATURE(`always_add_domain')dnl
    FEATURE(nocanonify)dnl
    FEATURE(`use_cw_file')dnl
    FEATURE(`access_db',, `relaytofulladdress')dnl FEATURE(`blocklist_recipients')dnl
    define(`confBAD_RCPT_THROTTLE',`3')dnl
    FEATURE(`dnsbl', `dnsbl-1.uceprotect.net')dnl
    MAILER_DEFINITIONS
    MAILER(`local')dnl
    MAILER(`smtp')dnl

    I used ncat 127.0.0.1 25 -s 127.0.0.2 to connect (the dnsbl being used
    has that localhost IP listed for testing).

    --
    kind regards
    Marco

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Marco Moock on Fri Nov 24 01:07:30 2023
    Marco Moock wrote:

    FEATURE(`dnsbl', `dnsbl-1.uceprotect.net')dnl

    I used ncat 127.0.0.1 25 -s 127.0.0.2 to connect (the dnsbl being used
    has that localhost IP listed for testing).

    What was the SMTP dialogue?
    What was logged about it?

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Fri Nov 24 09:18:20 2023
    Am 24.11.2023 um 01:07:30 Uhr schrieb Claus Aßmann:

    Marco Moock wrote:

    FEATURE(`dnsbl', `dnsbl-1.uceprotect.net')dnl

    I used ncat 127.0.0.1 25 -s 127.0.0.2 to connect (the dnsbl being
    used has that localhost IP listed for testing).

    What was the SMTP dialogue?

    root@test:/home/m# ncat 127.0.0.1 25 -s 127.0.0.2
    220 test.dorfdsl.de ESMTP Sendmail 8.17.1.9/8.17.1.9/Debian-2; Fri, 24 Nov 2023 09:14:24 +0100; (No UCE/UBE) logging access from: [127.0.0.2](FAIL)-[127.0.0.2]
    helo localhost
    250 test.dorfdsl.de Hello [127.0.0.2], pleased to meet you
    mail from:<>
    250 2.1.0 <>... Sender ok
    rcpt to:<root>
    250 2.1.5 <root>... Recipient ok
    data
    354 Enter mail, end with "." on a line by itself
    test
    .
    250 2.0.0 3AO8EON0000623 Message accepted for delivery
    quit
    221 2.0.0 test.dorfdsl.de closing connection

    What was logged about it?

    Nothing about dnsbl

    Nov 24 09:14:40 test sm-mta[623]: 3AO8EON0000623: from=<>, size=5, class=0, nrcpts=1, msgid=<202311240814.3AO8EON0000623@test.dorfdsl.de>, proto=SMTP, daemon=MTA, relay=[127.0.0.2]
    Nov 24 09:14:40 test sm-mta[624]: 3AO8EON0000623: to=<root>,
    delay=00:00:02, xdelay=00:00:00, mailer=local, pri=30279, dsn=2.0.0, stat=Sent


    Config is in the cf file and machine has been restarted since yesterday.

    root@test:/home/m# grep dns /etc/mail/sendmail.cf
    ##### $Id: dnsbl.m4,v 8.34 2013-11-22 20:51:11 ca Exp $ #####
    Kdnsbl dns -R A -T<TMP>
    # DNS based IP address spam list dnsbl-1.uceprotect.net
    R$-.$-.$-.$- $: <?> $(dnsbl $4.$3.$2.$1.dnsbl-1.uceprotect.net. $: OK $)
    R<?>$+ $#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at dnsbl-1.uceprotect.net"
    # FEATURE(`dnsbl', `dnsbl-1.uceprotect.net')dnl

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sat Nov 25 12:22:45 2023
    Am 23.11.2023 um 19:46:23 Uhr schrieb Marco Moock:

    FEATURE(`access_db',, `relaytofulladdress')dnl

    That was the issue because
    Connect:127 RELAY
    disabled those checks. I could have known that...

    The next strange thing is that it doesn't do dnsbl checks for IPv6,
    even when it is an address that isn't listed in accessdb.

    Is that behavior normal?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Marco Moock on Sat Nov 25 13:16:05 2023
    Marco Moock wrote:

    The next strange thing is that it doesn't do dnsbl checks for IPv6,

    Is that behavior normal?

    Yes, the rules work only for IPv4 addresses.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)