'Sendmail rules for popbsmtp make me an open relay! Help!'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       popbsmtp-users
Subject:    Sendmail rules for popbsmtp make me an open relay! Help!
From:       "Spam" <confirm () corn-bread ! org>
Date:       2005-04-12 0:58:25
Message-ID: 00a301c53f02$6fa58490$951ea8c0 () TESTDOMINO
[Download RAW message or body]

I have been running pop-before-smtp for quite some time now.
Recently I wound up on the njabl.org blacklist.  Out of 15 relay tests, I
failed
the last one!!

The relay that got through looked something like this:

rcpt to: relaytest%rr.njabl.org@

Usually this an error that is due to using linuxconf to configure sendmail.
But in this case,
I plugged in my linux conf rules sans the pop-before-smtp code, and that
relay attempt was denied.
This leads me right to the fact that it is the pop-before-smtp code that is
allowing the relay.
(and yes, before you ask: I ran my tests from a server that was NOT in the
pop auth database).

The relevant section of my sendmail.cf file is as follows:




SLocal_check_rcpt

R$*   $: $(popauth $&{client_addr} $: <?> $)

R<?>  $@ NoPopAuth

R$*<OK>      $# OK



Scheck_rcpt

R$*               $: $(dequote "" $1 $)



# first: get client address

R$+               $: $(dequote "" $&{client_addr} $) $| $1

R0 $| $*          $@ ok       client_addr is 0 for sendmail -bs

R$={LocalIP}$* $| $*      $@ ok       from here

# next: get client name

R$* $| $+         $: $(dequote "" $&{client_name} $) $| $2

R $| $*                 $@ ok       no client name: directly invoked

#R$- $| $*        $@ ok       for those without full DNS...

R$*$=w $| $*            $@ ok       from here

R$*$={LocalNames} $| $*      $@ ok       from allowed system

#R$* $| $*        $: $(popauth $1 $)

#ROK              $@ OK

# now check other side

R$* $| $*         $: $>3 $2

# remove local part

R$+                     $:$>removelocal $1



#check popauth.db

R$*   $: $1 $| $>"Local_check_rcpt" $1

R$* $| $#$*      $#$2



# still something left?

R$*%$*<@>         $#error $@ 5.7.1 $: 551 We do not relay

R$*<@$+>$*        $#error $@ 5.7.1 $: 551 we do not relay









The $Local_check_rcpt and #check popauth.db sections are the only two that
are different

from my normal config.



So what should I change to stop these tests?  Help!



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
popbsmtp-users mailing list
popbsmtp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/popbsmtp-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic