block_bad_helo does not seem to work


Graham Murray

Feb 4, 2007, 4:46:04 PM
Either I have not understood what this is supposed to do, have done
something wrong, or it is not working properly for me.

running sendmail 8.14.0

In sendmail.mc I have

OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`badmx')dnl
FEATURE(`greet_pause',`3000')dnl

But when I telnet to port 25 from another (not local) system and use
just a hostname in ehlo, it does not complain. If I continue and issue
MAIL, RCPT and DATA commands, the email is delivered.

graham@gmdev ~ $ telnet newton.gmurray.org.uk 25
Trying 2001:8b0:57:1:250:8dff:fee7:7fcc...
Connected to newton.gmurray.org.uk.
Escape character is '^]'.
220 newton.gmurray.org.uk ESMTP Sendmail 8.14.0/8.14.0; Sun, 4 Feb 2007 21:40:06 GMT
ehlo gmdev
250-newton.gmurray.org.uk Hello graham@[IPv6:2002:3e08:73ca:0:208:a1ff:fe0b:9bec], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

Sylvain Robitaille

Feb 5, 2007, 2:53:39 PM
Graham Murray wrote:

> But when I telnet to port 25 from another (not local) system and use
> just a hostname in ehlo, it does not complain. If I continue and issue
> MAIL, RCPT and DATA commands, the email is delivered.

> ...


> graham@gmdev ~ $ telnet newton.gmurray.org.uk 25

> ...
> ehlo gmdev
> 250-newton.gmurray.org.uk ...

Just a guess, but is Newton configured to accept to relay mail for
Gmdev, either by being in the same domain, or the same address space?

--
----------------------------------------------------------------------
Sylvain Robitaille s...@alcor.concordia.ca

Systems and Network analyst / Postmaster Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

Dan Harkless

Feb 17, 2007, 6:48:15 PM
Sylvain Robitaille wrote:
> Graham Murray wrote:
> > But when I telnet to port 25 from another (not local) system and use
> > just a hostname in ehlo, it does not complain. If I continue and issue
> > MAIL, RCPT and DATA commands, the email is delivered.
> > ...
> > graham@gmdev ~ $ telnet newton.gmurray.org.uk 25
> > ...
> > ehlo gmdev
> > 250-newton.gmurray.org.uk ...
>
> Just a guess, but is Newton configured to accept to relay mail for
> Gmdev, either by being in the same domain, or the same address space?

It's not working for me either, and I've tried telnetting in from multiple
machines that are not in my domain and are not allowed to relay via IP (I
have no 'relay-domains' file or relaying entries in 'access'). I am also
not using SMTP AUTH for these tests.

I think something is broken with the feature. Perhaps there's some
undocumented ordering requirement in the .mc file? Here's mine (with
semi-sensitive pathnames replaced with "[...]"):

==== CUT HERE ====
VERSIONID(`sendmail.mc for harkless.org')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(`access_db')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`limited_masquerade')dnl
FEATURE(`local_procmail', `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`no_default_msa')dnl
FEATURE(`redirect')dnl
FEATURE(`smrsh')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A,p')dnl
define(`confCACERT_PATH', `[...]')dnl
define(`confCACERT', `[...]')dnl
define(`confDOMAIN_NAME', `harkless.org')dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noactualrecipient,novrfy,restrictqrun')dnl
define(`confSERVER_CERT', `[...]')dnl
define(`confSERVER_KEY', `[...]')dnl
DAEMON_OPTIONS(`Name=MTA')dnl
DAEMON_OPTIONS(`Port=465, Name=SSA, M=s')dnl
INPUT_MAIL_FILTER(`spf-milter',`S=local:[...], T=C:5m;S:1m;R:1m;E:5m')dnl
INPUT_MAIL_FILTER(`dnsbl',`S=local:[...], T=C:5m;S:1m;R:1m;E:5m')dnl
INPUT_MAIL_FILTER(`greylist',`S=local:[...], T=C:5m;S:1m;R:1m;E:5m')
MASQUERADE_AS(`harkless.org')dnl
MASQUERADE_DOMAIN(`www.harkless.org')dnl
TRUST_AUTH_MECH(confAUTH_MECHANISMS)dnl
dnl * MAILERs go last:
MAILER(procmail)dnl
MAILER(smtp)dnl
LOCAL_CONFIG
# Changed this from Andrzej Filip's version in
# http://groups.google.com/group/comp.mail.sendmail/msg/341be9a3eef87cd5 to make
# '.' be the additional plussed user character rather than '-' and '_'. Also
# put '+' into the character classes because otherwise it'll do needless
# mangling, e.g. user+domain.tld -> user+domain+tld. Also changed the (.+) to
# (.*) to allow a trailing '.' character (blank plussed user string) just as a
# trailing '+' is allowed. Note the TAB before the $: must be maintained!
Kplus regex -d+ -s1,2 ^([^+.]+)[+.](.*)$
LOCAL_RULE_0
R$* <@ $=w. > $*	$: $(plus $1 $) <@$2.> $3
==== CUT HERE ====

The feature is indeed getting into the .cf file, so I'm not sure what's
going on:

==== CUT HERE ====
[...]
R<$*> <$*>	$: $2

R$*	$: $1 $| <$&{auth_authen}>	Get auth info
R$* $| <$+>	$: $1	skip if auth
R$* $| <$*>	$: $1 $| <$&{client_addr}> [$&s]	Get connection info
R$* $| <$=R $*> [$*]	$: $1	skip if local client
R$* $| <0> [$*]	$: $1	skip if sendmail -bs
R$* $| <$*> $=w	$#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
R$* $| <$*> [$=w]	$#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
R$* $| <$*> [$+.$+]	$: $1	qualified domain ok
R$* $| <$*> [$*]	$#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
R$* $| $*	$: $1


######################################################################
### F: LookUpFull -- search for an entry in access database
[...]
==== CUT HERE ====

--
Dan Harkless
http://harkless.org/dan/

Danny

Feb 23, 2007, 2:44:55 PM
Dan Harkless wrote:
> Sylvain Robitaille wrote:
>> Graham Murray wrote:
>>> But when I telnet to port 25 from another (not local) system and use
>>> just a hostname in ehlo, it does not complain. If I continue and issue
>>> MAIL, RCPT and DATA commands, the email is delivered.
>>> ...
>>> graham@gmdev ~ $ telnet newton.gmurray.org.uk 25
>>> ...
>>> ehlo gmdev
>>> 250-newton.gmurray.org.uk ...
>> Just a guess, but is Newton configured to accept to relay mail for
>> Gmdev, either by being in the same domain, or the same address space?
>
> It's not working for me either, and I've tried telnetting in from multiple
> machines that are not in my domain and are not allowed to relay via IP (I
> have no 'relay-domains' file or relaying entries in 'access'). I am also
> not using SMTP AUTH for these tests.
>
> I think something is broken with the feature. Perhaps there's some
> undocumented ordering requirement in the .mc file? Here's mine (with
> semi-sensitive pathnames replaced with "[...]"):
>

<cut>


Hi all,

Just wondering.. did someone come up with a solution?

Danny

Dennis Peterson

Feb 24, 2007, 2:35:59 PM
Graham Murray wrote:
> Either I have not understood what this is supposed to do, have done
> something wrong, or it is not working properly for me.
>
> running sendmail 8.14.0
>

Based on what I read in the block_bad_helo.m4 file it doesn't do much.
There must be more to it I haven't found than just this:

divert(0)dnl
VERSIONID(`$Id: block_bad_helo.m4,v 1.1 2006/06/15 22:49:30 ca Exp $')
divert(-1)

define(`_BLOCK_BAD_HELO_', `')dnl
RELAY_DOMAIN(`127.0.0.1')dnl
LOCAL_DOMAIN(`[127.0.0.1]')dnl

Res

Feb 24, 2007, 6:52:14 PM


Care to post your mc file? I'll accept it in email if you prefer, as it
works, and worked on earlier versions when it was a hack.
I'd like to try to reproduce your problem


--
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie


Graham Murray

Feb 24, 2007, 7:59:27 PM
Res <r...@ausics.net> writes:

> Care to post your mc file? I'll accept it in email if you prefer, as
> it works, and worked on earlier versions when it was a hack.
> I'd like to try to reproduce your problem


include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail-procmail.mc,v 1.2 2004/12/07 01:59:31 g2boojum Exp $')dnl


OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(`use_cw_file')dnl

FEATURE(`access_db')dnl
FEATURE(`block_bad_helo')dnl


FEATURE(`badmx')dnl
FEATURE(`greet_pause',`3000')dnl

FEATURE(`require_rdns')dnl
FEATURE(`local_procmail', `/usr/bin/procmail')dnl
define(`confPRIVACY_FLAGS', `goaway,nobodyreturn')dnl
define(`confLOG_LEVEL', `14')dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8891@localhost, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spfmilter', `S=local:/var/run/spfmilter.sock, T=S:4m;R:4m')dnl
DAEMON_OPTIONS(`Family=inet6')dnl
CLIENT_OPTIONS(`Family=inet6')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

jma...@ttec.com

Feb 24, 2007, 8:11:27 PM


The feature files usually just turn on code that's been "ifdef" in
cf/m4/proto.m4


Res

Feb 24, 2007, 10:33:56 PM
to Graham Murray
OK I see the problem...

On Sun, 25 Feb 2007, Graham Murray wrote:

> Res <r...@ausics.net> writes:
>
>> Care to post your mc file? I'll accept it in email if you prefer, as
>> it works, and worked on earlier versions when it was a hack.
>> I'd like to try to reproduce your problem
>
>

> FEATURE(`access_db')dnl
> FEATURE(`block_bad_helo')dnl
> FEATURE(`badmx')dnl
> FEATURE(`greet_pause',`3000')dnl
> FEATURE(`require_rdns')dnl
> FEATURE(`local_procmail', `/usr/bin/procmail')dnl

******** About here include :
FEATURE(`delay_checks')dnl

and your problems will be solved........

~$ telnet fox 25
Trying 192.168.0.254...
Connected to fox.


Escape character is '^]'.

220 fox.ausics.net ESMTP Sendmail 8.14.0/8.14.0; Sun, 25 Feb 2007 13:28:03
+1000
helo tester
250 fox.ausics.net Hello roswell.ausics.net [192.168.0.150], pleased to
meet you
mail from: r...@ausics.net
250 2.1.0 r...@ausics.net... Sender ok
rcpt to: r...@ausics.net
550 5.7.1 r...@ausics.net... bogus HELO name used: tester

**** added the ip range back into relay-domains and....


~$ telnet fox 25
Trying 192.168.0.254...
Connected to fox.


Escape character is '^]'.

220 fox.ausics.net ESMTP Sendmail 8.14.0/8.14.0; Sun, 25 Feb 2007 13:31:10
+1000
helo tester-in-relays.domains
250 fox.ausics.net Hello roswell.ausics.net [192.168.0.150], pleased to
meet you
mail from: r...@ausics.net
250 2.1.0 r...@ausics.net... Sender ok
rcpt to: r...@ausics.net
250 2.1.5 r...@ausics.net... Recipient ok


Enjoy :)
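
Added example (not part of any post in this thread, and not sendmail's own code): a small Python model of the order of checks in the block_bad_helo rules quoted from the .cf file earlier in the thread, showing why a bare name such as "tester" is rejected while a client listed for relaying is let through. It assumes the ruleset is actually being run; the class-R prefix matching, the `Session` fields and the sample addresses are simplifications constructed for illustration.

```python
# Added illustration: models the order of checks in the quoted .cf rules.
# Simplification (assumption): $=R is matched as an address prefix ending at
# a '.' or ':' boundary, and $=w as a plain set of names.
from dataclasses import dataclass

@dataclass
class Session:
    helo: str              # $s: name the client gave in HELO/EHLO
    client_addr: str       # ${client_addr}; "0" for `sendmail -bs`
    auth_authen: str = ""  # ${auth_authen}; empty if not authenticated

def is_relay_client(addr, relay_prefixes):
    """True if addr equals a class-R entry or extends it at a token boundary."""
    return any(addr == p or addr.startswith((p + ".", p + ":"))
               for p in relay_prefixes)

def check_helo(sess, local_names, relay_prefixes):
    """Return (accepted, reason), walking the rules top to bottom."""
    reject = (False, "550 bogus HELO name used: " + sess.helo)
    if sess.auth_authen:
        return True, "skip if auth"
    if is_relay_client(sess.client_addr, relay_prefixes):
        return True, "skip if local client"
    if sess.client_addr == "0":
        return True, "skip if sendmail -bs"
    name = sess.helo.lower()
    if name in local_names:        # client claims one of the server's own names
        return reject
    if "." in name[1:-1]:          # $+.$+ : something on both sides of a dot
        return True, "qualified domain ok"
    return reject                  # bare hostname such as "tester"

# Constructed sample data, loosely following the sessions in the thread.
LOCAL_NAMES = {"fox.ausics.net", "[127.0.0.1]"}
CASES = [
    (Session("tester", "192.168.0.150"), set()),
    (Session("tester", "192.168.0.150"), {"192.168.0"}),
    (Session("fox.ausics.net", "203.0.113.9"), set()),
    (Session("mail.example.org", "203.0.113.9"), set()),
]

if __name__ == "__main__":
    for sess, relay in CASES:
        print(sess.helo, sess.client_addr, sorted(relay),
              check_helo(sess, LOCAL_NAMES, relay))
```
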

Danny

Feb 25, 2007, 2:33:22 PM

Thank you, it's working now :-)

Danny

Res

Feb 25, 2007, 4:36:58 PM
On Sun, 25 Feb 2007, Danny wrote:

>> ******** About here include :
>> FEATURE(`delay_checks')dnl
>>
>> and your problems will be solved........
>>

> Thank you, it's working now :-)
>

No problems :)
