From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 236605] mail/sendmail: additional blacklisting for frequent useless connections [patch]
Date: Sun, 17 Mar 2019 17:13:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236605

Bug ID: 236605
Summary: mail/sendmail: additional blacklisting for frequent useless connections [patch]
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: dinoex@FreeBSD.org
Reporter: freebsd@oldach.net
Flags: maintainer-feedback?(dinoex@FreeBSD.org)

Created attachment 202938
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=202938&action=edit
patch

In my maillog, I often observe hosts frequently contacting my sendmail without issuing any reasonable command, like this for example:

Mar 17 03:02:04 nuc sm-mta[98005]: x2H21q18098005: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:15 nuc sm-mta[98132]: x2H2278J098132: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:27 nuc sm-mta[98166]: x2H22JfW098166: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:36 nuc sm-mta[98167]: x2H22SXD098167: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:44 nuc sm-mta[98168]: x2H22aUN098168: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:53 nuc sm-mta[98169]: x2H22if3098169: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:01 nuc sm-mta[98170]: x2H22rvQ098170: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:09 nuc sm-mta[98176]: x2H231fG098176: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:17 nuc sm-mta[98177]: x2H239Q3098177: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:26 nuc sm-mta[98211]: x2H23I3V098211: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4

In some cases I have observed hundreds of such connection attempts before giving up.

As we have blacklisting in the port, I was thinking to use that for calming down such servers. However it appears this particular logic is not in the blacklisting patch set yet.

The attached patch implements this.
Admittedly it's kind of hackish as the "did not issue" message is emitted only when sendmail's input file descriptor is already closed, so we cannot use it for hand-over to blacklist() in the same way as it's done for the other blacklist() calls. Therefore I'm dup()ing the input fd early in the command loop for use by blacklist() and close the dup'ed fd later.
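
The descriptor handling described in the report, as an added illustration that is not the attached patch or sendmail code: the connection's input fd is dup()'ed early, the original is closed, and only the duplicate can still resolve the peer address. `report_peer()` and `dup_survives_close()` are hypothetical names; `report_peer()` stands in for the fd-based `blacklist()` call, and the loopback connection is constructed for the demonstration.

```c
/* Added illustration, not the attached patch. report_peer() is a hypothetical
 * stand-in for an fd-based reporter such as blacklist(). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Resolve the peer's IPv4 address from a descriptor: 0 on success, -1 on error. */
static int report_peer(int fd, char *buf, socklen_t len)
{
    struct sockaddr_in sa;
    socklen_t slen = sizeof(sa);
    if (getpeername(fd, (struct sockaddr *)&sa, &slen) < 0)
        return -1;                        /* e.g. EBADF once fd is closed */
    return inet_ntop(AF_INET, &sa.sin_addr, buf, len) ? 0 : -1;
}

/* 1: only the early dup() still names the peer after the input fd is closed;
 * 0: otherwise; -1: constructed loopback connection could not be set up. */
int dup_survives_close(void)
{
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t alen = sizeof(addr);
    char ip[INET_ADDRSTRLEN] = "";
    int lfd, cfd = -1, in_fd = -1, saved, stale, live;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: ephemeral */
    if ((lfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &alen) < 0 ||
        (cfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        (in_fd = accept(lfd, NULL, NULL)) < 0)
        return -1;

    saved = dup(in_fd);                   /* taken early, as in the command loop */
    close(in_fd);                         /* input fd is gone at "did not issue" time */
    stale = report_peer(in_fd, ip, sizeof(ip));   /* closed fd: lookup fails */
    live = report_peer(saved, ip, sizeof(ip));    /* dup: still resolves the peer */
    close(saved);                         /* release the dup after reporting */
    close(cfd); close(lfd);
    return stale == -1 && live == 0 && strcmp(ip, "127.0.0.1") == 0;
}

int main(void) { printf("dup survives close: %d\n", dup_survives_close()); return 0; }
```

The duplicate keeps the socket open until it is closed too, so every exit path from the command loop has to release it or the process leaks one descriptor per connection.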