dccm default to reject when servers can't be contacted?

Chris Gleba chris@soma.978.org
Fri Nov 8 22:49:44 UTC 2002


Mr, Schryver,

Thank you very much for your reply as well as your help.  I combed
through my configuration files taking your comments into consideration
however the problem still persists; if dcc servers can not be contacted
mail is rejected.  I busted out my big sendmail book (I have to admit
that I am not a sendmail guru -- .mc files I understand, .cf I still
don't quite completely comprehend) and I could not quite figure out what
is going on.  Below is some info from log files as well as answers to
your questions:


On Fri, 2002-11-01 at 00:19, Vernon Schryver wrote:
> > From: Chris Gleba <chris@soma.978.org>
> 
> > ...
> > I am using dccm [with sendmail -- just the client -- VERY small site]
> > and it seems that if dccm can not contact any of the dcc servers
> > that it defaults to "REJECT".  This had some very nasty repercussions
> > when I had some DNS issues earlier today. . . .
> >
> > Is there any CLI option, #define or sendmail macro where I can easily
> > tell dccm to default to "ACCEPT" when it can not contact the dcc
> > servers?
> 
> Are you sure you are not also using some other sendmail Milter filter
> such as one of the SpamAssassin milter interfaces?  

No -- just the plain dcc milter interface using the dccdnsbl macro.

> However, if you use misc/hackmc to tell sendmail to report relay
> attempts to the DCC server as spam, then sendmail is told to reject
> mail if the DCC fails so that the system does act as an open relay.

I'm not using hackmc either -- this has me stumped. . .

First, here is my .mc file that I use to generate sendmail.cf -- a few
values are changed for security reasons and are noted by "REMOVED":


include(`../m4/cf.m4')dnl
define(`confDEF_USER_ID',``mail:mail'')dnl
OSTYPE(`linux')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confALIAS_WAIT', `30')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confMATCH_GECOS', true)dnl
define(`confDOMAIN_NAME', `REMOVED')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
MASQUERADE_AS(`REMOVED')dnl
MASQUERADE_DOMAIN(`REMOVED')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(mailertable)dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(genericstable)dnl
FEATURE(always_add_domain)dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(local_procmail)dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`relay_based_on_MX')dnl
FEATURE(dccdnsbl, `relays.ordb.org', `"Mail from " $`'&{client_addr}
"reject to DCC - see http://www.ordb.org/faq/"')
FEATURE(`delay_checks')dnl
FEATURE(`stickyhost')dnl
define(`confPRIVACY_FLAGS',`goaway,restrictqrun,restrictmailq')dnl
dnl define(`confSMTP_LOGIN_MSG', `$j server ready at $b')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

To test whether mail gets rejected when dcc servers could not be
contacted I created a phony domain in my name server for
dcc.dcc-servers.net:


zone "dcc-servers.net" {
       type master;
       notify no;
       file "pz/test";
};

Tested it with nslookup as well as cdcc and it worked --
dcc.dcc-servers.net could not be resolved while everything else resolved
fine.

Then I sent a mail to myself from hotmail -- maillog said as follows:

Nov  8 16:59:41 harp sendmail[23202]: gA8LxekZ023202:
from=<cgleba@hotmail.com>, size=750, class=0, nrcpts=1, msgid=<F23
eyyfIIhs6hdn1KVH00000519@hotmail.com>, proto=ESMTP, daemon=MTA,
relay=[209.185.241.23]
Nov  8 16:59:41 harp sendmail[23202]: gA8LxekZ023202: Milter: data,
reject=550 5.7.1 Mail from 209.185.241.23 reject to 
DCC - see http://www.ordb.org/faq/

and /var/dcc/log had the following entry:

VERSION: 3
DATE: 11/08/02 16:59:40 EST
IP: [209.185.241.23] ::ffff:209.185.241.23
HELO: hotmail.com
env_From: <cgleba@hotmail.com>  mail_host=hotmail.com.
env_To: <cgleba@soma.978.org>  addr=cgleba  dir=userdirs/local/cgleba

Received: from mail pickup service by hotmail.com with Microsoft
SMTPSVC;
         Fri, 8 Nov 2002 13:59:35 -0800
Received: from 24.147.25.222 by lw3fd.law3.hotmail.msn.com with HTTP;
        Fri, 08 Nov 2002 21:59:35 GMT
X-Originating-IP: [24.147.25.222]
From: "Christopher Gleba" <cgleba@hotmail.com>
To: cgleba@soma.978.org
Bcc: 
Subject: test2
Date: Fri, 08 Nov 2002 21:59:35 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F23eyyfIIhs6hdn1KVH00000519@hotmail.com>
X-OriginalArrivalTime: 08 Nov 2002 21:59:35.0575 (UTC)
FILETIME=[202EBA70:01C28772]





test2

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


### end of message body ########################
sendmail.cf-->{dcc_isspam}: "Mail from 209.185.241.23 reject to DCC -
see http://www.ordb.org/faq/"

X-DCC-wanadoo-be-Metrics: harp 1016; bulk Body=many Fuz1=many Fuz2=many
                                                     
checksum              
                       IP: 7fb8d660 66325464 27d9b297
57d13f76              
                 env_From: 22eac2e6 1d9e31f1 492151ba
4279f08f              
                     From: 1c53f8a5 c4da7766 d697be1c
75b7e47c              
     substitute mail_host: f77684a4 b02ce0de 0cb79348
7fbf33a1              
               Message-ID: 039bde14 9c478499 3943a9aa
a5dac0e5              
                 Received: 27b77a5a 89ceebcc 4964cb0f
4e783362              
                     Body: 6d3b6bed 1bfce1b9 9c5aca25
207f8c6a              
                     Fuz1: 93457975 eb3e963b a1cfb004
925dfa38              
                     Fuz2: ba2596b1 77c37832 bfac8a2e 4f9d4033          
rejection message: 550 5.7.1 Mail from 209.185.241.23 reject to DCC -
see http://www.ordb.org/faq/
result: reject

then I turned off my fake dcc-servers.net domain and the next test from
hotmail came through fine.

There is probably something plainly obvious that I am missing and if it
is a stupid question I apologize.  Again, your help is appreciated!

Thanks,


-- Chris
 _________________________________
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       _/ _/         _/
    _/   _/                  ||||
   _/   _/_/_/ _/_/ _/ _/_/  c ..
  _/   _/  _/ _/   _/  _/    \  >
   _/ _/  _/ _/   _/ _/_/     \_-

  ==>chris@soma.978.org<==
 _________________________________ 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.