From owner-freebsd-stable@FreeBSD.ORG Sun Aug 22 07:10:46 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E1951065670 for ; Sun, 22 Aug 2010 07:10:46 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from ns1.jnielsen.net (ns1.jnielsen.net [69.55.238.237]) by mx1.freebsd.org (Postfix) with ESMTP id 812FF8FC21 for ; Sun, 22 Aug 2010 07:10:46 +0000 (UTC) Received: from ns1.jnielsen.net (jn@ns1 [69.55.238.237]) by ns1.jnielsen.net (8.12.9p2/8.12.9) with ESMTP id o7M7Ajcr029040; Sun, 22 Aug 2010 03:10:46 -0400 (EDT) (envelope-from lists@jnielsen.net) Received: (from www@localhost) by ns1.jnielsen.net (8.12.9p2/8.12.9/Submit) id o7M7Aj6j029039; Sun, 22 Aug 2010 03:10:45 -0400 (EDT) (envelope-from lists@jnielsen.net) X-Authentication-Warning: ns1.jnielsen.net: www set sender to lists@jnielsen.net using -f Received: from stealth.jnielsen.net (stealth.jnielsen.net [74.218.226.254]) by newwebmail.jnielsen.net (Horde MIME library) with HTTP; Sun, 22 Aug 2010 03:10:45 -0400 Message-ID: <20100822031045.sl4d10544k0s80kw@newwebmail.jnielsen.net> Date: Sun, 22 Aug 2010 03:10:45 -0400 From: John Nielsen To: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.4) / FreeBSD-4.9 X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on ns1.jnielsen.net X-Virus-Status: Clean Cc: gshapiro@freebsd.org Subject: Apparent dnsbl bug in Sendmail or m4 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Aug 2010 07:10:46 -0000 I'm migrating a sendmail server from FreeBSD 4.x to FreeBSD 8.x. After turning on the new server and feeding it some "live" e-mail, I noticed that the DNS blacklist lookups weren't actually rejecting e-mail like they did on the old server. (Actually the presence of blacklist information in the SpamAssassin report on an unwanted message that was delivered and a total lack of them in the sendmail logs (versus a steady stream on the old server).) I double-checked the syntax of my .mc file, re-ran "cd /etc/mail; make", and examined the resulting .cf file. While I saw lines referencing each dnsbl I included in the .mc, all of the error clauses were missing. My .mc file includes this line on both servers: FEATURE(dnsbl, `bl.spamcop.net', `"550 Mail from " $&{client_addr} " rejected, see http://spamcop.net/bl.shtml?" $&{client_addr}') On the FreeBSD 4.x server, this is the corresponding section in the .cf file: # DNS based IP address spam list bl.spamcop.net R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.bl.spamcop.net. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK R$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " rejected, s ee http://spamcop.net/bl.shtml?" $&{client_addr} On the FreeBSD 8.x server, this is the corresponding section: # DNS based IP address spam list bl.spamcop.net R$* $: $&{client_addr} R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.bl.spamcop.net. $: OK $) ROK $: OKSOFAR R$+ $: TMPOK Note that the last line (containing the "error" clause and custom 550 message) is absent from the new server's file. I know next to nothing about m4, but I compared the cf/feature/dnsbl.m4 files on the two machines and noticed that the newer version has an "ifelse" statement to handle 'quarantine' or 'discard' keywords that is not present in the older version. I counted the arguments and compared them to the documented behavior of "ifelse" and didn't see any glaring problems, but the correct output string from the statement simply does not appear in the .cf file. Apparently this is the only case that causes the ifelse statement to not produce any output. Omitting the custom error message, specifying 'discard' or specifying 'quarantine' all produce a suitable action line in the output (error with default message, discard or quarantine, respectively). So just specifying e.g. "FEATURE(dnsbl, `bl.spamcop.net')" is one workaround. Since I don't use the 'quarantine' or 'discard' keywords I doctored the dnsbl.m4 file to remove the final "ifelse" statement and always output the error clause. That allowed me to produce a .cf file which included the appropriate error clauses and customized 550 error messages. This is an issue on FreeBSD 7.2 and 8.1 (and probably -CURRENT, but I don't have a test machine handy), but not on 4.9 (I know, old). For kicks I tried substituting gm4 from ports for m4 in the base but got the same results. I also verified that a simple macro containing an "ifelse" statement with seven arguments works as expected, including printing the seventh argument if both comparisons (1&2 and 4&5) are false. So--I'm stumped. I do have the workarounds I mentioned but now that I've encountered this mystery I would like to see it solved. Can anyone help unravel it? Thanks, JN