Date: Thu, 27 Aug 2015 13:55:37 -0400 From: Robert Sargent <robtsgt@sgt.com> To: freebsd-security@freebsd.org Subject: sendmail server sending milter data after latest FreeBSD upgrade Message-ID: <201508271755.t7RHtdjO009327@sgt.com>
index | next in thread | raw e-mail
[-- Attachment #1 --]
Hi,
After rebuilding my systems after the latest openssl/iret handler I noticed some incoming email sessions were failing. The failures were primarily from hotmail.com, outlook.com, google.com and me.com. The SMTP server [sendmail v 8.15.2] logs contained lines like this:
Aug 27 14:41:22 tusk sm-mta[18366]: t7REfKQd018366: col004-omc4s12.hotmail.com [65.55.34.214] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
I captured some packets with tcpdump and read them with wireshark. The failed session packets' contents indicated after the SYN, SYN, ACK 3-way handshake I would send out
Response: milter_negotiate(milter-regex): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
I then rec'd an ACK from the client and then I would send out more milter data like:
Response: milter_negotiate(milter-regex): received: version 6, fflags 0x20, pflags 0x300\n
Response: milter_negotiate(opendkim): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
Response: milter_negotiate(opendkim): received: version 6, fflags 0x111, pflags 0x100702\n
Response: milter_negotiate(smf-spf): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
Response: milter_negotiate(smf-spf): received: version 6, fflags 0x1d, pflags 0x350\n
Response: milter_negotiate(greylist): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
Response: milter_negotiate(greylist): received: version 6, fflags 0x13, pflags 0x100\n
Response: milter_negotiate(clmilter): send: version 6, fflags 0x1ff, pflags 0x1fffff\n
Response: milter_negotiate(clmilter): received: version 6, fflags 0x31, pflags 0x342\n
The client would then ACK and I would send out my normal SMTP greeting:
Response: 220 tusk.sgt.com ESMTP Sendmail 8.15.2/8.14.9; Thu, 27 Aug 2015 12:24:38 GMT\r\n
Then the client would send a FIN
-------------------
Needless to say I was concerned and tried restarting sendmail and associated milters, no change, I kept sending out milter data to the client.
I tried reinstalling sendmail from both pkgs and ports, no change.
I finally rebooted the system and the problem "went away".
There was no problem with incoming hotmail, google, apple emails prior to this latest OS upgrade.
uname -a: FreeBSD tusk.sgt.com 9.3-RELEASE-p24 FreeBSD 9.3-RELEASE-p24 #10 r287147: Tue Aug 25 23:19:33 UTC 2015 root@tusk.sgt.com:/usr/obj/usr/src/sys/SGT93AMD64ZFS amd64
Is this a known problem? Any ideas WTF is [was] going on? Any suggestions on what to do next time it happens [short of rebooting]?
Please do not publicly release any of my site/domain specific data.
tcpdumpfile attached.
Thanks,
Rob
[-- Attachment #2 --]
�������������U
�B���B���� )Dԉ�E��4"@�1tA7"kh�}���� �A5��xU
�B���B���Dԉ� )�E��4"@�@��khA7"�^F}㾀��x��U
\
�<���<���� )Dԉ�E��("s@�1tA7"kh�}㾣^GPw��������Uw�������Dԉ� )�E��w"@�@��khA7"�^G}P?��milter_negotiate(milter-regex): send: version 6, fflags 0x1ff, pflags 0x1fffff
U#�<���<���� )Dԉ�E��($@�1rA7"kh�}㾣^P�)��������U7�����Dԉ� )�E�"@�@��khA7"�^}P��milter_negotiate(milter-regex): received: version 6, fflags 0x20, pflags 0x300
milter_negotiate(opendkim): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(opendkim): received: version 6, fflags 0x111, pflags 0x100702
milter_negotiate(smf-spf): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(smf-spf): received: version 6, fflags 0x1d, pflags 0x350
milter_negotiate(greylist): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(greylist): received: version 6, fflags 0x13, pflags 0x100
milter_negotiate(clmilter): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(clmilter): received: version 6, fflags 0x31, pflags 0x342
U�<���<���� )Dԉ�E��(&d@�1pA7"kh�}㾣a?P���������U~�������Dԉ� )�E��v"@�@��khA7"�a?}P>��220 tusk.sgt.com ESMTP Sendmail 8.15.2/8.14.9; Thu, 27 Aug 2015 12:24:38 GMT
U��<���<���� )Dԉ�E��()^@�1mA7"kh�}㾣aP�4��������U��<���<���Dԉ� )�E��("@�@��khA7"�a}P��������UE��<���<���Dԉ� )�E��("@�@��khA7"�a}P��������Ue�<���<���� )Dԉ�E��()@�1miA7"kh�}㿣aP�3��������UF�B���B���� )Dԉ�E��4U@�+A6Wkha�^4���� �6��xUZ�B���B���Dԉ� )�E��4"@�@��khA6W�a�^4N��x��US �<���<���� )Dԉ�E��(VC@�++A6Wkha�^4�Pߏ��������U
H
�������Dԉ� )�E��w"@�@��khA6W�a�^4PN��milter_negotiate(milter-regex): send: version 6, fflags 0x1ff, pflags 0x1fffff
U�<���<���� )Dԉ�E��(XB@�+,A6Wkha�^4P�A��������U�����Dԉ� )�E�"@�@��khA6W�a^4PQ%��milter_negotiate(milter-regex): received: version 6, fflags 0x20, pflags 0x300
milter_negotiate(opendkim): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(opendkim): received: version 6, fflags 0x111, pflags 0x100702
milter_negotiate(smf-spf): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(smf-spf): received: version 6, fflags 0x1d, pflags 0x350
milter_negotiate(greylist): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(greylist): received: version 6, fflags 0x13, pflags 0x100
milter_negotiate(clmilter): send: version 6, fflags 0x1ff, pflags 0x1fffff
milter_negotiate(clmilter): received: version 6, fflags 0x31, pflags 0x342
U_�<���<���� )Dԉ�E��(Yw@�+A6Wkha�^4P�ܚ��������UUP
�������Dԉ� )�E��v"@�@��khA6W�a^4PN��220 tusk.sgt.com ESMTP Sendmail 8.15.2/8.14.9; Thu, 27 Aug 2015 12:24:41 GMT
UX
�<���<���� )Dԉ�E��(`.@�+@A6Wkha�^4
P�L��������Uj
�<���<���Dԉ� )�E��("@�@��khA6W�a
^4PN|��������U
�<���<���Dԉ� )�E��("@�@��khA6W�a
^4PN|��������Ul+
�<���<���� )Dԉ�E��(`@�+A6Wkha�^4
P�K��������
[-- Attachment #3 --]
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201508271755.t7RHtdjO009327>