[milters] Archive


Article: 1004
From: JPP
Date: 2006-07-09 11:14:08 -0400
Subject: Re: milter-link thinks all email is Auth'd OK?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Ok...

Text and responses in line.

On Sun, 09 Jul 2006 14:24:30 +0200, Anthony Howe wrote
> JPP wrote:
> > Jul  8 14:24:24 smtp sendmail[3740]: k68KOOYu003740: Milter (milter-link): init success to negotiate
> > Jul  8 14:24:24 smtp sendmail[3740]: k68KOOYu003740: Milter: connect to filters
> > Jul  8 14:24:24 smtp milter-link[3741]: 00223 NOQUEUE: host [222.173.71.94] [222.173.71.94] OK
> 
> It found an access.db white list entry for the connecting client. Try 
> running:
> 
> 	verbose=info,trace,db,debug
> 
> This will show you which one matched.
> 

ADDED to the milter-link.cf


> > Jul  8 14:24:26 smtp milter-link[3741]: 00223 NOQUEUE: address='devise814@nifty.com' localleft='devise814' localright='' domain='nifty.com' auth='(null)'
> > Jul  8 14:24:26 smtp milter-link[3741]: 00223 NOQUEUE: sender=<devise814@nifty.com> access=? skipConnection=1 skipMessage=1
> >
> > Notice the 'skipConnection=1 skipMessage=1' - well that seems to make it just
> 
> skipConnection was set by the IP access.db checks, after which it is 
> carried over into each subsequent message check.
>

Ok - question is why since there is no entry denying or accepting this
IP/Host or address in the access.db?

 
> > drop right through the content checks. The only thing I can think of is that
> > the '(null)' for auth= is being read as Auth=true (which it's not).
> 
> No. If AUTH=null, then no AUTH was supplied. If AUTH were not NULL, then 
> an AUTH had been supplied in which case +smtp-auth-ok would apply or 
> -smtp-auth-ok and milter-link-auth: tag would.
> 
> Fixing the access.db white list issue first should resolve the problem.
> 
> -- 
> Anthony C Howe          Skype: SirWumpus                    SnertSoft
> +33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
> http://www.snert.com/     ICQ: 7116561      http://www.snertsoft.com/

I would gladly fix it if I knew what to fix... entry below is one that made 
it past and was 'whitelisted' even though there is no apparent reason why (to 
me).

A little overview here:
1. This server is a gateway - there are only 3 'real users/mailboxes' on the 
server and they rarely if ever send or get email.
2. Most all blocking is done via DNSBL lookups with a few done in the 
access.db due to viruses and other things needing immediate attention.
3. Most all email is forwarded to other servers once sendmail processes it - 
pretty much explaining the need for some form of sendmail-based content 
checker - ie. milter-link. The forwards are all handled in the mailertable - 
not the access.db
4. The access.db does not have any 'RELAY' or 'OK' statements in it that 
could explain why the email below was 'whitelisted'. The access.db does not 
do ANY whitelisting aside from a few IPs that are in no way related to these 
emails. On the other hand - it also does not have any explicit REJECT 
statements in it for the IP/Hostname - but it should not.

We just want the emails passing through this gateway to be scanned and 
filtered to see if they are indeed harboring links that are in SPAM 
blocklists somewhere and if not to pass it on through.

Milter entries for one email that got delivered (from the milter list):
Did this email get scanned or was it whitelisted as it states at the bottom?

Jul  9 08:45:52 smtp-gw sendmail[1363]: k69EjqQs001363: Milter (milter-link): 
init success to negotiate
Jul  9 08:45:52 smtp-gw milter-link[1364]: 00119 NOQUEUE: filterOpen(806d8a0, 
'pop.snert.net', [193.41.72.72])
Jul  9 08:45:52 smtp-gw milter-link[1364]: 00119 NOQUEUE: host pop.snert.net 
[193.41.72.72] OK
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: filterMail(806d8a0, 
8069008) MAIL='<milters-bounce@milter.info>' auth=''
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-from:milters-bounce@milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-from:milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-from:info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-from:milters-bounce@"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-from:"
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: enter 
smfAccessPattern(8075730, milters-bounce@milter.info, (null), 0)
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: exit  
smfAccessPattern(8075730, milters-bounce@milter.info, (null), 0) rc=95 
action='(no action)'
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"from:milters-bounce@milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"from:milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"from:info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"from:milters-bounce@"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milters-bounce@milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milters-bounce@"
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: filterRcpt(806d8a0, 
8075090) RCPT='<jpp1@frws.com>'
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-to:jpp1@frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-to:frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-to:com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-to:jpp1@"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"milter-link-to:"
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: enter 
smfAccessPattern(8075730, jpp1@frws.com, (null), 0)
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: exit  
smfAccessPattern(8075730, jpp1@frws.com, (null), 0) rc=95 action='(no action)'
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"spam:jpp1@frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"spam:frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"spam:com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"spam:jpp1@"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"to:jpp1@frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"to:frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"to:com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"to:jpp1@"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"jpp1@frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"frws.com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"com"
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for 
"jpp1@"
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Received', 'from pop.snert.net (...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Received', 'with ECARTIS (v1.0.0...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Received', 'from gateway.g1ogy.c...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Received', 'from wxpogy13 (w-xpo...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Message-Id', '<200607091432.k69EWl...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'From', '"G1OGY \(Dave\)" <g1...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'To', '<milters@milter.info...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Subject', '[milters] milter-lin...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Date', 'Sun, 9 Jul 2006 15:3...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Organization', 'g1ogy.com...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'MIME-Version', '1.0...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Content-Type', 'text/plain; ^Icharset...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Content-Transfer-Encoding', '7bit...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-Mailer', 'Microsoft Office Out...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-MimeOLE', 'Produced By Microsof...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Thread-Index', 'AcajX+/aIZMeMhY9QHqw...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-milter-p0f-Report', 'g1ogygw.demon.co.uk ...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-Null-Tag', '05a564f2b42aac5b9122...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-Null-Tag', 'edd5627cc1ceb66f0258...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-archive-position', '1002...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-Approved-By', 'achowe@snert.com...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-ecartis-version', 'Ecartis v1.0.0...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Sender', 'milters-bounce@milte...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Errors-to', 'milters-bounce@milte...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-original-sender', 'g1ogy@g1ogy.com...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Precedence', 'bulk...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'Reply-to', 'milters@milter.info...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterHeader(806d8a0, 'X-list', 'milters...')
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterEndHeaders(806d8a0)
Jul  9 08:45:54 smtp-gw milter-link[1364]: next MIME part 'Text'
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: filterBody(806d8a0, 
'Removal...........: ...', 2221)
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: white listed, 
skipping
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: 
filterEndMessage(806d8a0)

################

What needs be added or removed to have this milter filter all emails coming 
through the server that are not sent by an AUTH'd sender?

Thanks for your help.

JPP


--
FRWS WebMail (http://www.frws.com)
Cause you deserve Spam and Virus free email...
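
A triage helper for logs like the one in this message, added here as an example and not part of the original post or of milter-link: it rejoins the mail-wrapped syslog lines, groups them by the session number milter-link prints, and returns each session that skipped its content checks together with the connect verdict, access.db keys and actions logged for it. The sample consists of lines copied from this thread; attributing `checking` lines, which carry no session number, to the process's most recent session is an assumption.

```python
import re

# Constructed sample: log lines copied from this thread, still mail-wrapped.
SAMPLE = """\
Jul  9 08:45:52 smtp-gw milter-link[1364]: 00119 NOQUEUE: host pop.snert.net
[193.41.72.72] OK
Jul  9 08:45:53 smtp-gw milter-link[1364]: checking "/etc/mail/access.db" for
"milter-link-from:milters-bounce@milter.info"
Jul  9 08:45:53 smtp-gw milter-link[1364]: 00119 NOQUEUE: exit
smfAccessPattern(8075730, milters-bounce@milter.info, (null), 0) rc=95
action='(no action)'
Jul  9 08:45:54 smtp-gw milter-link[1364]: 00119 NOQUEUE: white listed,
skipping
Jul  8 14:24:24 smtp milter-link[3741]: 00223 NOQUEUE: host
[222.173.71.94] [222.173.71.94] OK
Jul  8 14:24:26 smtp milter-link[3741]: 00223 NOQUEUE:
sender=<devise814@nifty.com> access=? skipConnection=1 skipMessage=1
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"milter-link\[(\d+)\]: (?:(\d{5}) \S+: ?)?(.*)$")

def unwrap(text):
    """Rejoin wrapped syslog lines: no leading timestamp means continuation."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def bypassed(text):
    """Return sessions whose content checks were skipped, with logged evidence."""
    sessions, current = {}, {}
    for line in unwrap(text):
        m = ENTRY.search(line)
        if not m:
            continue
        pid, sid, msg = m.groups()
        current[pid] = sid = sid or current.get(pid)  # assumption: latest session of this pid
        s = sessions.setdefault((pid, sid),
                                {"host": None, "lookups": [], "actions": [], "skip": False})
        if msg.startswith("host "):
            s["host"] = msg.split()[-1]  # connect-stage verdict, e.g. OK
        s["lookups"] += re.findall(r'^checking "[^"]*" for "([^"]*)"', msg)
        s["actions"] += re.findall(r"action='([^']*)'", msg)
        s["skip"] |= "white listed, skipping" in msg or "skipConnection=1" in msg
    return {k: v for k, v in sessions.items() if v["skip"]}
```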

