running sendmail 8.14.0
In sendmail.mc I have
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`badmx')dnl
FEATURE(`greet_pause',`3000')dnl
But when I telnet to port 25 from another (not local) system and use
just a hostname in ehlo, it does not complain. If I continue and issue
MAIL, RCPT and DATA commands, the email is delivered.
graham@gmdev ~ $ telnet newton.gmurray.org.uk 25
Trying 2001:8b0:57:1:250:8dff:fee7:7fcc...
Connected to newton.gmurray.org.uk.
Escape character is '^]'.
220 newton.gmurray.org.uk ESMTP Sendmail 8.14.0/8.14.0; Sun, 4 Feb 2007 21:40:06 GMT
ehlo gmdev
250-newton.gmurray.org.uk Hello graham@[IPv6:2002:3e08:73ca:0:208:a1ff:fe0b:9bec], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
> But when I telnet to port 25 from another (not local) system and use
> just a hostname in ehlo, it does not complain. If I continue and issue
> MAIL, RCPT and DATA commands, the email is delivered.
> ...
> graham@gmdev ~ $ telnet newton.gmurray.org.uk 25
> ...
> ehlo gmdev
> 250-newton.gmurray.org.uk ...
Just a guess, but is Newton configured to accept to relay mail for
Gmdev, either by being in the same domain, or the same address space?
--
----------------------------------------------------------------------
Sylvain Robitaille s...@alcor.concordia.ca
Systems and Network analyst / Postmaster Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
It's not working for me either, and I've tried telnetting in from multiple
machines that are not in my domain and are not allowed to relay via IP (I
have no 'relay-domains' file or relaying entries in 'access'). I am also
not using SMTP AUTH for these tests.
I think something is broken with the feature. Perhaps there's some
undocumented ordering requirement in the .mc file? Here's mine (with
semi-sensitive pathnames replaced with "[...]"):
==== CUT HERE ====
VERSIONID(`sendmail.mc for harkless.org')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(`access_db')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`limited_masquerade')dnl
FEATURE(`local_procmail', `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`no_default_msa')dnl
FEATURE(`redirect')dnl
FEATURE(`smrsh')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A,p')dnl
define(`confCACERT_PATH', `[...]')dnl
define(`confCACERT', `[...]')dnl
define(`confDOMAIN_NAME', `harkless.org')dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noactualrecipient,novrfy,restrictqrun')dnl
define(`confSERVER_CERT', `[...]')dnl
define(`confSERVER_KEY', `[...]')dnl
DAEMON_OPTIONS(`Name=MTA')dnl
DAEMON_OPTIONS(`Port=465, Name=SSA, M=s')dnl
INPUT_MAIL_FILTER(`spf-milter',`S=local:[...], T=C:5m;S:1m;R:1m;E:5m')dnl
INPUT_MAIL_FILTER(`dnsbl',`S=local:[...], T=C:5m;S:1m;R:1m;E:5m')dnl
INPUT_MAIL_FILTER(`greylist',`S=local:[...], T=C:5m;S:1m;R:1m;E:5m')
MASQUERADE_AS(`harkless.org')dnl
MASQUERADE_DOMAIN(`www.harkless.org')dnl
TRUST_AUTH_MECH(confAUTH_MECHANISMS)dnl
dnl * MAILERs go last:
MAILER(procmail)dnl
MAILER(smtp)dnl
LOCAL_CONFIG
# Changed this from Andrzej Filip's version in
# http://groups.google.com/group/comp.mail.sendmail/msg/341be9a3eef87cd5 to make
# '.' be the additional plussed user character rather than '-' and '_'. Also
# put '+' into the character classes because otherwise it'll do needless
# mangling, e.g. user+domain.tld -> user+domain+tld. Also changed the (.+) to
# (.*) to allow a trailing '.' character (blank plussed user string) just as a
# trailing '+' is allowed. Note the TAB before the $: must be maintained!
Kplus regex -d+ -s1,2 ^([^+.]+)[+.](.*)$
LOCAL_RULE_0
R$* <@ $=w. > $* $: $(plus $1 $) <@$2.> $3
==== CUT HERE ====
The feature is indeed getting into the .cf file, so I'm not sure what's
going on:
==== CUT HERE ====
[...]
R<$*> <$*> $: $2
R$* $: $1 $| <$&{auth_authen}> Get auth info
R$* $| <$+> $: $1 skip if auth
R$* $| <$*> $: $1 $| <$&{client_addr}> [$&s] Get connection info
R$* $| <$=R $*> [$*] $: $1 skip if local client
R$* $| <0> [$*] $: $1 skip if sendmail -bs
R$* $| <$*> $=w $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
R$* $| <$*> [$=w] $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
R$* $| <$*> [$+.$+] $: $1 qualified domain ok
R$* $| <$*> [$*] $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
R$* $| $* $: $1
######################################################################
### F: LookUpFull -- search for an entry in access database
[...]
==== CUT HERE ====
--
Dan Harkless
http://harkless.org/dan/
<cut>
Hi all,
Just wondering... did someone come up with a solution?
Danny
Based on what I read in the block_bad_helo.m4 file it doesn't do much.
There must be more to it I haven't found than just this:
divert(0)dnl
VERSIONID(`$Id: block_bad_helo.m4,v 1.1 2006/06/15 22:49:30 ca Exp $')
divert(-1)
define(`_BLOCK_BAD_HELO_', `')dnl
RELAY_DOMAIN(`127.0.0.1')dnl
LOCAL_DOMAIN(`[127.0.0.1]')dnl
Care to post your mc file? I'll accept it in email if you prefer, as it
works, and worked on earlier versions when it was a hack.
I'd like to try to reproduce your problem.
--
Cheers
Res
"We can be Heroes, just for one day" - Davey (Jones) Bowie
> Care to post your mc file? I'll accept it in email if you prefer, as
> it works, and worked on earlier versions when it was a hack.
> I'd like to try to reproduce your problem.
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail-procmail.mc,v 1.2 2004/12/07 01:59:31 g2boojum Exp $')dnl
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`badmx')dnl
FEATURE(`greet_pause',`3000')dnl
FEATURE(`require_rdns')dnl
FEATURE(`local_procmail', `/usr/bin/procmail')dnl
define(`confPRIVACY_FLAGS', `goaway,nobodyreturn')dnl
define(`confLOG_LEVEL', `14')dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8891@localhost, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spfmilter', `S=local:/var/run/spfmilter.sock, T=S:4m;R:4m')dnl
DAEMON_OPTIONS(`Family=inet6')dnl
CLIENT_OPTIONS(`Family=inet6')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
The feature files usually just turn on code that's been "ifdef" in
cf/m4/proto.m4
On Sun, 25 Feb 2007, Graham Murray wrote:
> Res <r...@ausics.net> writes:
>
>> Care to post your mc file? I'll accept it in email if you prefer, as
>> it works, and worked on earlier versions when it was a hack.
>> I'd like to try reproduce your problem
>
>
> FEATURE(`access_db')dnl
> FEATURE(`block_bad_helo')dnl
> FEATURE(`badmx')dnl
> FEATURE(`greet_pause',`3000')dnl
> FEATURE(`require_rdns')dnl
> FEATURE(`local_procmail', `/usr/bin/procmail')dnl
******** About here include :
FEATURE(`delay_checks')dnl
and your problems will be solved........
~$ telnet fox 25
Trying 192.168.0.254...
Connected to fox.
Escape character is '^]'.
220 fox.ausics.net ESMTP Sendmail 8.14.0/8.14.0; Sun, 25 Feb 2007 13:28:03 +1000
helo tester
250 fox.ausics.net Hello roswell.ausics.net [192.168.0.150], pleased to meet you
mail from: r...@ausics.net
250 2.1.0 r...@ausics.net... Sender ok
rcpt to: r...@ausics.net
550 5.7.1 r...@ausics.net... bogus HELO name used: tester
**** added the ip range back into relay-domains and....
~$ telnet fox 25
Trying 192.168.0.254...
Connected to fox.
Escape character is '^]'.
220 fox.ausics.net ESMTP Sendmail 8.14.0/8.14.0; Sun, 25 Feb 2007 13:31:10 +1000
helo tester-in-relays.domains
250 fox.ausics.net Hello roswell.ausics.net [192.168.0.150], pleased to meet you
mail from: r...@ausics.net
250 2.1.0 r...@ausics.net... Sender ok
rcpt to: r...@ausics.net
250 2.1.5 r...@ausics.net... Recipient ok
Enjoy :)
Thank you, it's working now :-)
Danny
>> ******** About here include :
>> FEATURE(`delay_checks')dnl
>>
>> and your problems will be solved........
>>
> Thank you, it's working now :-)
>
No problems :)
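
Added example (not part of the thread and not sendmail code): a simplified Python model of the block_bad_helo rules quoted from the .cf file above, tested in the order they appear, with the HELO names and client address from the two telnet sessions against fox. The function names and the contents of class R and class w are assumptions constructed for the illustration.

```python
# Added example: simplified model of the block_bad_helo rules quoted from
# the .cf file in this thread. Not sendmail code; names are hypothetical.

def in_class_R(client_addr, class_R):
    """<$=R $*>: the client address starts with a class R entry."""
    return any(client_addr == e or client_addr.startswith(e + ".")
               for e in class_R)

def is_qualified(helo):
    """[$+.$+]: a dot with at least one character on each side."""
    return any(c == "." for c in helo[1:-1])

def check_helo(helo, client_addr, auth_authen="", class_R=(), class_w=()):
    """Return (accepted, reason), testing in the order the rules appear."""
    w = {e.lower() for e in class_w}
    bogus = "550 bogus HELO name used: " + helo
    if auth_authen:
        return True, "skip if auth"
    if in_class_R(client_addr, class_R):
        return True, "skip if local client"
    if client_addr == "0":
        return True, "skip if sendmail -bs"
    # Workspace is "[" helo "]": rule "$=w" sees the bracketed form,
    # rule "[$=w]" sees the bare name.
    if "[" + helo.lower() + "]" in w or helo.lower() in w:
        return False, bogus
    if is_qualified(helo):
        return True, "qualified domain ok"
    return False, bogus

# Constructed class w contents, using the server name seen in the sessions
# and the [127.0.0.1] entry that block_bad_helo.m4 adds via LOCAL_DOMAIN.
CLASS_W = ("fox.ausics.net", "[127.0.0.1]")

if __name__ == "__main__":
    client = "192.168.0.150"
    cases = (("tester", ()), ("tester", ("192.168.0",)),
             ("tester-in-relays.domains", ()), ("fox.ausics.net", ()),
             ("127.0.0.1", ()))
    for helo, class_R in cases:
        print(helo, class_R,
              check_helo(helo, client, class_R=class_R, class_w=CLASS_W))
```

In this model an unqualified name such as "tester" is accepted as soon as the client address falls under a class R entry, so a test from an address that is allowed to relay never reaches the HELO rules.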