Date: Sat, 14 Mar 1998 20:14:45 +0900 (JST) From: Hiroharu Tamaru <tamaru@ap.t.u-tokyo.ac.jp> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: conf/6002: /etc/mail/sendmail.cf.addtions seems to leak. Message-ID: <199803141114.UAA12831@gin.myn.t.u-tokyo.ac.jp>
next in thread | raw e-mail | index | archive | help
>Number: 6002 >Category: conf >Synopsis: /etc/mail/sendmail.cf.addtions seems to leak. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 14 03:20:02 PST 1998 >Last-Modified: >Originator: Hiroharu Tamaru >Organization: Dept. Appl. Phys, University of Tokyo. >Release: FreeBSD 2.2.6-BETA i386 >Environment: System: FreeBSD gin.myn.t.u-tokyo.ac.jp 2.2.6-BETA FreeBSD 2.2.6-BETA #0: Sat Mar 14 01:27:36 JST 1998 tamaru@gin.myn.t.u-tokyo.ac.jp:/workspace/usr.src/sys/compile/GIN i386 CVSupped on Mar 12. >Description: /etc/mail/sendmail.cf.addtions may not be correct. `Connecting Host must resolve' function and `ip address must NOT be in Paul Vixie's RBL' function in rule `check_mail' and `mail must come from or go to this machine or machines we allow to relay' in rule `check_recpt' doesn't seem to work. I say 'seem' because I haven't checked it in real practice whether it really does forward junk mails. I just checked it with the -bt option of sendmail. >How-To-Repeat: Say, for the first one: After replacing one rule in rule `check_mail'(line 76) like the following, so that some client name is passed while testing with sendmail -bt -R$* $: $1 $: $(dequote "" $&{client_name} $) +$* $: $1 $: $(dequote "" "host.junk.com" $) % sendmail -bt > check_mail user@freebsd.org rewrite: ruleset 196 input: user @ freebsd . org rewrite: ruleset 3 input: user @ freebsd . org rewrite: ruleset 96 input: user < @ freebsd . org > rewrite: ruleset 96 returns: user < @ freebsd . org . > rewrite: ruleset 3 returns: user < @ freebsd . org . > rewrite: ruleset 3 input: foo @ OK $: host . junk . com rewrite: ruleset 96 input: foo < @ OK $: host . junk . com > rewrite: ruleset 96 returns: foo < @ host . junk . com > rewrite: ruleset 3 returns: foo < @ host . junk . com > rewrite: ruleset 199 input: foo < @ host . junk . com > $: rewrite: ruleset 199 returns: foo < @ host . junk . com > $: rewrite: ruleset 196 returns: OK Since host.junk.com is not a valid host, this should not pass through. >Fix: I don't know much about sendmail.cf but the following seems to make things better. --- sendmail.cf.additions- Sat Mar 14 00:29:26 1998 +++ sendmail.cf.additions Sat Mar 14 19:25:01 1998 @@ -68,19 +68,21 @@ # mail must NOT come from a known source of spam--BEGIN R$+ @$+ $: <$1@$2> $2 R<$*> $+.$+.$+ <$1> $3.$4 -R<$*> $* $: $(spamsites $2 $: OK $) +R<$*> $* $: $(spamsites $2 $: <$1> $2 $) R$+.REJECT $#error $: 521 $1 R<$*> $* $: $1 # mail must NOT come from a known source of spam--END # Connecting Host must resolve--BEGIN -R$* $: $1 $: $(dequote "" $&{client_name} $) -R$* $: $>3 foo@$1 +R$* $: <$1> $(dequote "" $&{client_name} $) +R<$*> $* $: <$1> $>3 foo@$2 +R<$*> $* < @ $+ . > $: $1 R<$*> $*<@$*> $#error $: "451 Domain does not resolve" # Connecting Host must resolve--END # ip address must NOT be in Paul Vixie's RBL--BEGIN -R$* $: $1 $: $(dequote "" $&{client_addr} $) -R$* $: $>check_rbl $1 +R$* $: <$1> $(dequote "" $&{client_addr} $) +R<$*> $* $: <$1> $>check_rbl $2 R$*.com. $#error $: "550 Mail refused, see http://maps.vix.com/rbl" +R<$*> $* $1 # ip address must NOT be in Paul Vixie's RBL--END R$* $@ OK @@ -100,7 +102,7 @@ R<$*> $* $: $1 # mail must NOT be addressed "fakenames"--END # mail must come from or go to this machine or machines we allow to relay--BEGIN -# R$* $: $>Parse0 $>3 $1 +# R$* $: $>3 $1 # R$+ < @ $* . > $* $: $1 < @ $2 > # R$+ < @ $=w> $@ OK # R$+ < @ $* $=R> $@ OK >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803141114.UAA12831>