Who is correct

on 22.01.2008 04:27:22 by doctor

Recently I had to complain to our provincial government that
they were in violation of an RFC:

doctor sendmail[13934]: m0HAFSK6013934: assigned id
Jan 17 03:15:28 doctor sendmail[13934]: m0HAFSK6013934: Milter (milter-null): error connecting to filter: Connection refused by /var/lib/milter-null/socket
Jan 17 03:15:28 doctor sendmail[13934]: m0HAFSK6013934: Milter (milter-null): to error state
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 220 doctor.nl2k.ab.ca ESMTP Sendmail 8.14.2/8.14.2; Thu, 17 Jan 2008 03:15:28 -0700 (MST)
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: <-- EHLO eipexc02.doe.min
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-doctor.nl2k.ab.ca Hello eipexc02.doe.min [199.214.175.53] (may be forged), pleased to meet you
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-ENHANCEDSTATUSCODES
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-PIPELINING
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-8BITMIME
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-SIZE 20000000
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-STARTTLS
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250-DELIVERBY
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: --- 250 HELP
Jan 17 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: <-- MAIL FROM: SIZE=229687
Jan 17 03:15:34 doctor sendmail[13934]: m0HAFSK6013934: --- 250 2.1.0 ... Sender ok
Jan 17 03:15:34 doctor sendmail[13934]: m0HAFSK6013934: <-- RCPT TO:
Jan 17 03:15:34 doctor sendmail[13934]: m0HAFSK6013934: dns mail1.gov.ab.ca. => 142.229.224.159
Jan 17 03:15:34 doctor sendmail[13934]: m0HAFSK6013934: dns mail2.gov.ab.ca. => 199.213.46.194
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: --- 451 4.1.8 Possibly forged hostname for 199.214.175.53
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: ruleset=check_rcpt, arg1=, relay=eipexc02.doe.min [199.214.175.53] (may be forged), reject=451 4.1.8 Possibly forged hostname for 199.214.175.53
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: <-- RSET
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: --- 250 2.0.0 Reset state
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: from=, size=229687, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=eipexc02.doe.min [199.214.175.53] (may be forged)
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: dropenvelope, e_flags=0x4009, OpMode=d, pid=13934
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: unlink ./dfm0HAFSK6013934
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: ./dfm0HAFSK6013934: unlink-fail 2
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: unlink ./qfm0HAFSK6013934
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: ./qfm0HAFSK6013934: unlink-fail 2
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: unlock
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: unlink ./xfm0HAFSK6013934
Jan 17 03:15:43 doctor sendmail[13934]: m0HAFSK6013934: ../xfm0HAFSK6013934: unlink-fail 2

And here is what I got back:

It would appear that upon examining your log that you are performing
lookups on SMTP senders more than 1 deep. You actually had to go 3
deep to hit the ministries internal email service, which across the
world is not uncommon to not list A records for internal servers in
public DNS. It is our recommendation that you only check 1 deep which
would be your most likely faulty relay point if one existed, any more
than 1 back, you risk losing legitimate email. Many environments are
also using private subnet classes such as 10.0.0.0 or 192.168.0.0 which
can also exhibit the same forged address errors.

At this point Energy or the Government of Alberta is not doing anything
out of the ordinary, nor would either entity be able to make any changes
to attempt to resolve this issue in a timely fashion. We do acknowledge
that some antispam vendors have come up with more extreme rule checks
in the past of checking for SMTP problems on relays up to 4 deep, but
this is not only impractical in configuration of large email
environments, it creates excessive loading and performance issues on
spam appliances and DNS servers.



end of reply.


Who needs to fix what?
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising!
Born 29 Jan 1969 Redhill Surrey England

Re: Who is correct

on 22.01.2008 04:58:08 by unknown

Post removed (X-No-Archive: yes)

Re: Who is correct

on 22.01.2008 16:05:13 by Sylvain Robitaille

The Doctor wrote:

> Recently I had to complain to our provincial government that
> they were in violation of an RFC:
> ... ...

Which RFC are you complaining that they are in violation of, what
point(s) of the RFC are they in violation of, and what of your log
extract supports your complaint? If you make that clear (to them), you
might get the result you're after. The response they sent you suggests
that they haven't understood the complaint, but it took me a few
readings of your news post to understand what was really going on, so
I'm inclined to believe that your complaint was probably unclear.

> Who needs to fix what?

It looks to me as though your mail server temp-failed a message from
their mail server because of a DNS mismatch (no matching A record for
the PTR record for their mail relay's IP address). The DNS mismatch is
their problem to fix, but whether you want to risk a high potential for
collateral damage by not accepting messages based on this point is your
decision to make.

I hope that helps ...

--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca

Network and Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

Re: Who is correct

on 22.01.2008 16:08:05 by doctor

In article ,
Res wrote:
>On Tue, 22 Jan 2008, The Doctor wrote:
>
>> sendmail[13934]: m0HAFSK6013934: <-- EHLO eipexc02.doe.min
>> Jan 17
>> 03:15:33 doctor sendmail[13934]: m0HAFSK6013934: ---
>> 250-doctor.nl2k.ab.ca Hello eipexc02.doe.min [199.214.175.53] (may be
>> forged), pleased to meet you
>
>
>They are in the wrong, their outbound server that connected to you was
>199.214.175.53, this IP resolves to eipexc02.doe.min which in turn does
>naturally not resolve.
>
>It doesn't care about the 'name' in the 'helo', for instance upon testing
>your machine from here -
>
>Trying x.x.x.x...
>Connected to doctor.x.x.x.
>Escape character is '^]'.
>helo pinky
>220 doctor.x.x.x ESMTP Sendmail 8.14.2/8.14.2; Mon, 21 Jan 2008
>20:54:03 -0700 (MST)
>250 doctor.x.x.x Hello x.ausics.net [58.96.38.x], pleased to meet you
>
>Send them this email if you like, tell them to give their 'outbound'
>mail server a 'real' hostname.
>
>
>--
>Cheers
>Res
>
>mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

I was just about to.
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising!
Born 29 Jan 1969 Redhill Surrey England
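
The check that the replies from Sylvain Robitaille and Res describe (PTR lookup on the connecting IP, forward lookup of the returned name, then a comparison), as an added example that is not part of any post in the thread. The lookup tables are constructed sample data: the first entry mirrors the relay in the log, `192.0.2.x` and `mail.example.org` are hypothetical, and all function names are this example's own.

```python
import ipaddress
import socket

# Constructed zone data. The first PTR entry mirrors the thread: the relay's
# PTR names a host that has no public A record. The rest is hypothetical.
PTR = {"199.214.175.53": ["eipexc02.doe.min"],
       "192.0.2.10": ["mail.example.org"]}
A = {"mail.example.org": ["192.0.2.10"]}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_addrs(name):
    return A.get(name, [])

def system_ptr(ip):
    """PTR names from the local resolver (live lookup)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses from the local resolver (live lookup)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def _same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, name): the PTR name must resolve back to the same IP."""
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if any(_same_ip(ip, a) for a in addr_lookup(name)):
            return ("verified", name)
    return ("may-be-forged", names[0])

def rcpt_reply(ip, **lookups):
    """Reply text seen in the log for a PTR/A mismatch; None otherwise."""
    verdict, _ = fcrdns(ip, **lookups)
    if verdict == "may-be-forged":
        return f"451 4.1.8 Possibly forged hostname for {ip}"
    return None
```

Calling `fcrdns(ip)` without the lookup arguments uses the local resolver, which is how a sending site can confirm its own outbound relay passes before a receiver temp-fails it.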