[milters] Archive

Lists Index Date Thread Search

Article: 292
From: Jeff Groves
Date: 2004-12-23 09:50:27 -0500
Subject: Re: milter-sender not bouncing messages

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Jeff Powell wrote:

>Removal...........: milters-request@milter.info?subject=remove
>More information..: http://www.milter.info/#Support
>--------------------------------------------------------
>
>I'm currently using milter-sender .62 with sendmail 8.13.1. It had been working
correctly but now I notice that it is not bouncing messages that fail the callback.  Here
is a log sample:
> 
>Dec 22 14:26:44 aphrodite sendmail[24262]: NOQUEUE: connect from [222.97.250.150]
>Dec 22 14:26:44 aphrodite sendmail[24262]: iBMMQinF024262: Milter (milter-sender):
init success to negotiate
>Dec 22 14:26:44 aphrodite sendmail[24262]: iBMMQinF024262: Milter (spamassassin): init
success to negotiate
>Dec 22 14:26:44 aphrodite sendmail[24262]: iBMMQinF024262: Milter (mimedefang): init
success to negotiate
>Dec 22 14:26:44 aphrodite sendmail[24262]: iBMMQinF024262: Milter: connect to filters
>Dec 22 14:26:45 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: trying MX 10
'gateway3.delphi.com.' [69.220.142.15] for <220k@delphi.com>
>Dec 22 14:26:45 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: opening SMTP
connection to 69.220.142.15
>Dec 22 14:26:46 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 220
gateway3.delphi.com ESMTP Mirapoint 3.4.6-GR; Wed, 22 Dec 2004 17:26:46 -0500 ($
>Dec 22 14:26:46 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > HELO
aphrodite.jeffandclaire.com^M
>Dec 22 14:26:46 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 250
gateway3.delphi.com Hello aphrodite.jeffandclaire.com [68.126.85.58], pleased t$
>Dec 22 14:26:46 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > MAIL
FROM:<>^M
>Dec 22 14:26:46 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 250
<>... Sender ok
>Dec 22 14:26:46 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > RCPT
TO:<K0220@delphi.com>^M
>Dec 22 14:26:49 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 550
<K0220@delphi.com>... No such mailbox
>Dec 22 14:26:49 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > RSET^M
>Dec 22 14:26:49 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 250 Reset
state
>Dec 22 14:26:49 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > MAIL
FROM:<>^M
>Dec 22 14:26:49 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 250
<>... Sender ok
>Dec 22 14:26:49 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > RCPT
TO:<220k@delphi.com>^M
>Dec 22 14:26:52 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: < 550
<220k@delphi.com>... No such mailbox
>Dec 22 14:26:52 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: > QUIT^M
>Dec 22 14:26:52 aphrodite milter-sender[24125]: 00005 iBMMQinF024262: closing SMTP
connection
>Dec 22 14:26:52 aphrodite spamass-milter[1365]: queueid=iBMMQinF024262
>Dec 22 14:26:52 aphrodite sendmail[24262]: iBMMQinF024262: dns
150.250.97.222.sbl-xbl.spamhaus.org. => 127.0.0.4
>Dec 22 14:26:52 aphrodite sendmail[24262]: iBMMQinF024262: ruleset=check_rcpt,
arg1=<jeff@jeffpowell.com>, relay=[222.97.250.150], reject=553 5.3.0 <jeff@j$
>Dec 22 14:26:53 aphrodite sendmail[24262]: iBMMQinF024262:
from=<220k@delphi.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA,
relay=[222.97.250.150]
> 
>In this case, it ultimately did get bounced because the sender was listed in Spamhaus,
but milter-sender should have rejected it first.  I have seen many cases of this,
including viruses, getting through all the way.  Any ideas?
> 
>Jeff
>
>  
>
It's hard to say what is going on since the log level on milter-sender 
is not turned-up very high.  It's been a while since I messed with 
milter-sender; otherwise, I would tell you how to increase the verbosity 
of the logging.

Secondly, your assumption that milter-send should prevent virus emails 
from coming through is flawed.  Most virus email generating viruses use 
valid email addresses as the From: address.  As a result, milter-sender 
would find that the sender email address was valid and would let it through.

If you want email virus scanning, I would suggest a combination of 
mimedefang and F-PROT as a cost effective solution.

Jeff G.


Lists Index Date Thread Search