[milters] Archive

Lists Index Date Thread Search

Article: 1575
From: Anthony Howe
Date: 2007-04-29 04:13:27 -0400
Subject: Re: milter-null not rejecting or my access tags are incorrect

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

Andy Druda wrote:
> I have a mail server we call mail-hub where user mail is collected and 
> accessed by users via imap.  I have a mail relay called smtp which uses 
> a mailertable entry to send all mail for andy.edu to mail-hub.andy.edu. 

Is this to say that all outbound mail passes through the server running 
milter-null? It is important in order to filter bounce messages 
correctly, that the outbound mail get correctly tagged, else the inbound 
won't make sense.

>   The relay serves no other domains.  here is one set of access tags I 
> tried:
> milter-null-To:      SKIP
> milter-null-From:    SKIP

> milter-null-connect:   SKIP

These three should be sufficient to prevent the sendmail tags from being 
acted on.

> With the first example above I can telnet 25 from my workstation inside 
> my andy.edu class C and send an email from a username and the mail gets 
> a null tag added (and the mail is delivered) but if I send from <> no 
> null tag is added and the mail is also delivered.  So far none of the 

You misunderstand how it works. Outbound user mail has to be tagged. 
Bounces messages generated by your server are not tagged (since they 
will never come back to you). Bounce messages from other systems though 
will be checked for the X-Null-Tag. There are two tests you can do:

1. From your station send mail via your smtp server to a bogus account, 
like <bogususer@yahoo.com>. You should correctly receive the bounce message.

2. From a shell account outside you system, telnet to port 25 of your 
server and send MAIL FROM:<> to your account. Use a copy of the Yahoo 
bounce message you received above, REMOVING the X-Null-Tag: header from 
the message body. It should be rejected.

If it is not, then there may be some problem in access.db 
permission/ownership issues. Check the maillog when milter-null starts 
up for errors. See the Notes section for recommended permissions.

> above access tag setups has ever rejected anything on a production system.
> my sendmail tags in access look like this:
> To:andy.edu          RELAY
> xx.xx.xx             RELAY  #andy.edu class C
> 172.16               RELAY
> 172.17               RELAY
> 172.31               RELAY
> 192.168              RELAY
>            RELAY

Without the milter-null-* tags use said you tried way above, the above 
sendmail entries would considered white list entries and simply pass 
through. (This will change in the next release of LibSnert based on some 
prior list discussions the other month.)

Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561

Lists Index Date Thread Search