Chris Gleba
chris@soma.978.org
Sun Nov 10 23:51:35 UTC 2002
Mr Schryver,
This is very odd. I tested it as you had by putting in an invalid host
with cdcc and it worked as expected -- it accepted the mail without
adding the X-DCC header. Then I tried my DNS trick again and this time
it worked as expected: passed the mail without the X-DCC mail header and
the following in the sendmail log:
Nov 10 12:38:03 harp sendmail[19168]: gAAHbrkZ019168: Milter (dcc): to error state
I spent the whole day trying to reproduce my previous error again so that
I could at least try to figure out why it was happening and what made it stop
happening for future users but I couldn't get it to do what it was doing before.
The only thing that I had done between the last time the problem happened and
this time was rebuild the map file but I don't have any evidence to prove that
that was the issue.
In summary, the issue is no longer there and I am very happy about it, however
I have to sadly report that I have no idea what fixed it nor what was causing it.
The only change between then and now is a rebuilt map file.
I appreciate your help as well as all the work that you put into this issue and
I am sorry that it did not bear any fruit. If there is anything that I can do
in the future to help you let me know (I am an OK C programmer).
--Chris
On Fri, 2002-11-08 at 21:04, Vernon Schryver wrote:
> > From: Chris Gleba <chris@soma.978.org>
>
> > FEATURE(dccdnsbl, `relays.ordb.org', `"Mail from " $`'&{client_addr}
> > "reject to DCC - see http://www.ordb.org/faq/"')
>
> I rebuilt my sendmail.cf with that line in the .mc file. That
> resulted in these additional lines:
>
> # DNS based IP address spam list relays.ordb.org connected to DCCM
> R$* $: $&{client_addr}
> R::ffff:$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
> R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
> R<?>OK $: OKSOFAR
> R<?>$+ $@ $(macro {dcc_isspam} $@ "Mail from " $&{client_addr} "reject to DCC - see http://www.ordb.org/faq/" $) REJECT
>
>
> > ...
> > To test whether mail gets rejected when dcc servers could not be
> > contacted I created a phony domain in my name server for
> > dcc.dcc-servers.net:
>
> I can't easily do that, because my DNS server is a secondary for
> dcc-servers.net. Instead I used cdcc to switch to a non-existent DCC
> server.
>
> > ...
> > Tested it with nslookup as well as cdcc and it worked --
> > dcc.dcc-servers.net could not be resolved while everything else resolved
> > fine.
>
> I didn't send from hotmail, but from z.dcc-servers.net. With a working
> DCC server, things worked fine.
>
> > Then I sent a mail to myself from hotmail -- maillog said as follows:
>
> When I used the non-existent DCC server, things worked also fine.
> The only differences in my tests were that no X-DCC header was added
> to the message and there were some complaints from dccm in the system
> log about the bad DCC server.
>
>
> > ...
> > sendmail.cf-->{dcc_isspam}: "Mail from 209.185.241.23 reject to DCC -
> > see http://www.ordb.org/faq/"
>
> I don't see how that message could have been generated unless sendmail
> set the ${dcc_isspam} macro. How else could dccm have found that text?
> (I checked the source for uninitialized variables, but found none.)
>
>
> > X-DCC-wanadoo-be-Metrics: harp 1016; bulk Body=many Fuz1=many Fuz2=many
>
> That X-DCC header should not have been generated unless that DCC server
> answered. But I see no sign that dccm heard from a DCC server in the
> list of checksums.
>
> All I can see to do is to check more things:
>
> - does that "reject to DCC - see http://www.ordb.org/faq/" appear
> anywhere else in your sendmail.cf file? (not .mc file)
>
> - what happens if you delete that line from your sendmail.cf file?
> My guess is that dccm won't reject the message. If that's right,
> then we'll know that dccm is doing as it's told, but being told
> the wrong thing.
>
> - what version of sendmail are you using? 8.12.5? If so, that ought
> to be similar to what I'm using. Which version of the DCC source
> are you using?
>
> - I copied the lines generated by FEATURE(dccdnsbl) from some version
> of sendmail's DNSBL support. I see they've changed things in
> or before 8.12.7, and so I'll change misc/dccdnsbl.m4 in the
> next version of the DCC source to match. It might be interesting
> to try that version:
>
> ***************
> *** 41,49 ****
> divert(8)
> # DNS based IP address spam list _DCCDNSBL_SRV_ connected to DCCM
> R$* $: $&{client_addr}
> - R::ffff:$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._DCCDNSBL_SRV_. $: OK $)
> R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._DCCDNSBL_SRV_. $: OK $)
> R<?>OK $: OKSOFAR
> R<?>$+ $@ $(macro {dcc_isspam} $@ _DCCDNSBL_MSG_ $) REJECT
> divert(-1)
>
> --- 41,49 ----
> divert(8)
> # DNS based IP address spam list _DCCDNSBL_SRV_ connected to DCCM
> R$* $: $&{client_addr}
> R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._DCCDNSBL_SRV_. $: OK $)
> R<?>OK $: OKSOFAR
> + R<?>$+<TMP> $: TMPOK
> R<?>$+ $@ $(macro {dcc_isspam} $@ _DCCDNSBL_MSG_ $) REJECT
> divert(-1)
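Review bot: the added `R<?>$+<TMP> $: TMPOK` rule can only match if the lookup on the rule above it appends `<TMP>` on a temporary failure, yet that lookup is still `$(host ... $: OK $)` and no map declaration is visible in this hunk. A sendmail map appends such a string only when it is declared with the `-T<TMP>` flag, so unless misc/dccdnsbl.m4 declares one elsewhere, add a dedicated map with that flag and use it in the lookup; otherwise a temporary DNS failure never reaches TMPOK. With the `::ffff:` rule removed, a short comment in the file saying how IPv4-mapped client addresses are now expected to be handled would also help.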
>
>
> As far as I can see, they've changed tactics for IPv6 and are doing
> something for temporary failures by the DNS blacklist.
> If somehow the change to your DNS server caused temporary DNS failures in
> asking relays.ordb.org, then most of the mysteries would be explained.
>
>
> Vernon Schryver vjs@rhyolite.com
> _______________________________________________
> DCC mailing list DCC@rhyolite.com
> http://www.rhyolite.com/mailman/listinfo/dcc
--
_________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_/ _/ _/
_/ _/ ||||
_/ _/_/_/ _/_/ _/ _/_/ c ..
_/ _/ _/ _/ _/ _/ \ >
_/ _/ _/ _/ _/ _/_/ \_-
==>chris@soma.978.org<==
_________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
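To test the temporary-failure hypothesis from the quoted message outside of sendmail, the following added example (not code from the thread, sendmail or the DCC source) models the three outcomes of the newer quoted rules as a Python check. The function names, the "SKIP" result and the mapping of resolver errors to outcomes are assumptions of this sketch.

```python
import ipaddress
import socket
import sys

# Resolver errors that mean a definite "no such name" (address is not listed).
_NOT_LISTED = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_name(client_addr, zone):
    """Build the query name the quoted rules use: $4.$3.$2.$1.<zone>."""
    try:
        ip = ipaddress.ip_address(client_addr)
    except ValueError:
        return None
    if ip.version == 6:
        ip = ip.ipv4_mapped      # '::ffff:a.b.c.d' -> a.b.c.d, otherwise None
        if ip is None:
            return None          # plain IPv6: the IPv4 rule would not match
    octets = str(ip).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."


def classify(client_addr, zone, resolve=socket.gethostbyname):
    """Return OKSOFAR, TMPOK, REJECT, or SKIP (assumed name, no rule matched)."""
    name = dnsbl_name(client_addr, zone)
    if name is None:
        return "SKIP"
    try:
        resolve(name)
    except socket.gaierror as err:
        if err.errno in _NOT_LISTED:
            return "OKSOFAR"     # lookup found nothing: address not listed
        return "TMPOK"           # any other resolver failure: treated as temporary
    return "REJECT"              # the name resolved: address is listed


if __name__ == "__main__":
    # Usage: script.py <client address> <blacklist zone>  (does a live DNS query)
    print(classify(sys.argv[1], sys.argv[2]))
```

A run that prints TMPOK for an address known not to be listed points at the resolver rather than at the blacklist.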