Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

dbf2mysql parameter, WWWXXXAPC, wwwxxxAPC, How to unsubscrube from dategen spam, docmd.close 2585, WWWXXXDOCO, nu vot, dhcpd lease file "binding state", WWWXXXDOCO, how to setup procmail to process html2text

Links

XODOX
Impressum

#1: DNSBL quarantine issues..

Posted on 2008-04-17 15:08:27 by Kanth

I am using sendmail 8.14.2 and am using the new option to quarantine
instead of bounce mail in my enhdnsbl tags.

For example: FEATURE(enhdnsbl,`relays.ordb.org',`quarantine',`t')dnl

My issue is that as soon as I changed this, mail stopped being
blocked, but then it was delivered to the user's instead of being
quarantined. I also didn't think I would need to change anything
except turn this on, and recompile the sendmail.cf based on my new
config.mc file.

I had assumed sendmail would process it the same way that it processes
mail if the quarantine:<reason> flag was put into access/access.db.
That is to say it would go into the quarantine queue (shown by mailq -
qQ) and could later be reviewed and passed on to a user after making a
determination of if the mail was relevant.

Instead, as I said, the mail is delivered, which means the spam ends
up in the mailbox of the user instead of the quarantine queue. Here is
a trace of the mail thru the log:

Apr 17 07:41:41 orangeroad sm-mta[17209]: ruleset=check_relay,
arg1=[201.230.219.229], arg2=127.0.0.2, relay=[201.230.219.229],
quarantine=relays.ordb.org
Apr 17 07:41:44 orangeroad sm-mta[17209]: m3HBfei0017209:
from=<oiilqoklukvd@bonettikozerski.com>, size=2861, class=0, nrcpts=1,
msgid=<01c8a056$42e51480$e5dbe6c9@oiilqoklukvd>, proto=ESMTP,
daemon=MTA, relay=[201.230.219.229]
Apr 17 07:41:44 orangeroad spamd[330]: connection from
localhost.localdomain [127.0.0.1] at port 33334
Apr 17 07:41:44 orangeroad spamd[330]: info: setuid to trash
succeeded
Apr 17 07:41:44 orangeroad spamd[330]: processing message
<01c8a056$42e51480$e5dbe6c9@oiilqoklukvd> for trash:1017.
Apr 17 07:41:47 orangeroad spamd[330]: clean message (0.1/5.0) for
trash:1017 in 2.8 seconds, 3159 bytes.
Apr 17 07:41:47 orangeroad spamd[330]: result: . 0 -
BAYES_50,HTML_80_90,HTML_MESSAGE
scantime=2.8,size=3159,mid=<01c8a056$42e51480$e5dbe6c9@oiilqoklukvd>,bayes=0.549292939990073,autolearn=disabled
Apr 17 07:41:47 orangeroad sm-mta[17566]: m3HBfei0017209:
to=<trash@orangeroad.tzo.com>, delay=00:00:04, xdelay=00:00:03,
mailer=local, pri=33052, dsn=2.0.0, stat=Sent

Can anyone give me any tips to look at so I can determine why this is
occurring instead of the mails being "quarantined" as I am intending?

Thanks,

-Kanth

Report this message

#2: Re: DNSBL quarantine issues..

Posted on 2008-04-17 15:43:19 by Dave Uhring

On Thu, 17 Apr 2008 06:08:27 -0700, Kanth wrote:

> I am using sendmail 8.14.2 and am using the new option to quarantine
> instead of bounce mail in my enhdnsbl tags.
>
> For example: FEATURE(enhdnsbl,`relays.ordb.org',`quarantine',`t')dnl

If you cannot be bothered to read the archives of this newsgroup I suggest
that you google "relays.ordb.org".

Report this message

#3: Re: DNSBL quarantine issues..

Posted on 2008-04-17 16:30:10 by Kanth

On Apr 17, 9:43 am, Dave Uhring <daveuhr...@yahoo.com> wrote:
> On Thu, 17 Apr 2008 06:08:27 -0700, Kanth wrote:
> > I am using sendmail 8.14.2 and am using the new option to quarantine
> > instead of bounce mail in my enhdnsbl tags.
>
> > For example: FEATURE(enhdnsbl,`relays.ordb.org',`quarantine',`t')dnl
>
> If you cannot be bothered to read the archives of this newsgroup I suggest
> that you google "relays.ordb.org".

If you are referring to it listing "all" IP addresses in the world.
Thus you are blocking all your incoming mail. I knew that.
That is actually _why_ I used it.
Since it is blocking 100% of incoming mail, and the quarantine flag
says don't block the mail, put it into quarantine. Wouldn't that make
it easy for me to test the quarantine flag?

As I stated, it blocked mail before my change (and it should have as
it has the whole world listed in it). Once set to "quarantine" it then
allowed all mail to pass through it and reach accounts, instead of
being quarantined.

Do you mean that because it lists the whole world, it breaks the
quarantine flag? Thus don't test with it? Just wait for something to
randomly hit sendmail listed at zen?

-Kanth

Report this message

#4: Re: DNSBL quarantine issues..

Posted on 2008-04-17 16:48:49 by usenetpersongerryt

On Apr 17, 7:30 am, Kanth <spencer.hasti...@gmail.com> wrote:
> On Apr 17, 9:43 am, Dave Uhring <daveuhr...@yahoo.com> wrote:
>
> > On Thu, 17 Apr 2008 06:08:27 -0700, Kanth wrote:
> > > I am using sendmail 8.14.2 and am using the new option to quarantine
> > > instead of bounce mail in my enhdnsbl tags.
>
> > > For example: FEATURE(enhdnsbl,`relays.ordb.org',`quarantine',`t')dnl
>
> > If you cannot be bothered to read the archives of this newsgroup I suggest
> > that you google "relays.ordb.org".
>
> If you are referring to it listing "all" IP addresses in the world.
> Thus you are blocking all your incoming mail. I knew that.
> That is actually _why_ I used it.
> Since it is blocking 100% of incoming mail, and the quarantine flag
> says don't block the mail, put it into quarantine. Wouldn't that make
> it easy for me to test the quarantine flag?
>
> As I stated, it blocked mail before my change (and it should have as
> it has the whole world listed in it). Once set to "quarantine" it then
> allowed all mail to pass through it and reach accounts, instead of
> being quarantined.
>
> Do you mean that because it lists the whole world, it breaks the
> quarantine flag? Thus don't test with it? Just wait for something to
> randomly hit sendmail listed at zen?
>
> -Kanth Read Nuttun

OK we'll read it for you. First Google hit says:
"The ORDB service ceased operation on December 18, 2006. The website
was retired on December 31, 2006."

Report this message

#5: Re: DNSBL quarantine issues..

Posted on 2008-04-17 16:49:03 by Kanth

Here is a new example:

FEATURE(enhdnsbl,`zen.spamhaus.org',`quarantine',`t')dnl

Maillog:

Apr 17 10:43:57 orangeroad sm-mta[31223]: ruleset=check_relay,
arg1=[201.244.53.37], arg2=127.0.0.11,
relay=Corporativos24453-37.etb.net.co [201.244.53.37] (may be forged),
quarantine=zen.spamhaus.org
Apr 17 10:44:00 orangeroad sm-mta[31223]: m3HEhvEG031223:
from=<dwvtarusm@vtarus.ro>, size=917, class=0, nrcpts=1,
msgid=<266993670.68998258984807@vtarus.ro>, proto=ESMTP, daemon=MTA,
relay=Corporativos24453-37.etb.net.co [201.244.53.37] (may be forged)
Apr 17 10:44:00 orangeroad spamd[332]: connection from
localhost.localdomain [127.0.0.1] at port 33344
Apr 17 10:44:00 orangeroad spamd[332]: info: setuid to trash
succeeded
Apr 17 10:44:00 orangeroad spamd[332]: processing message
<266993670.68998258984807@vtarus.ro> for trash:1017.

Spam, found the site at the blocklist from zen.spamhaus.org,
quarantine is set... yet it is still is delivered to the user.

-Kanth

Report this message