Too stupid for rhsbl?

From: Ralf Hildebrandt (no email)
Date: Tue Apr 02 2002 - 08:10:28 EST

It seems I'm too stupid for rhsbl using Josef's patch.
What I did:

smtpd_recipient_restrictions =
   reject_unauth_pipelining,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_unauth_destination,
   check_recipient_access btree:/etc/postfix/recipient_checks,
   check_sender_access btree:/etc/postfix/sender_checks,
                          rhsbl:/etc/postfix/rhsbl_sender_domain,
   check_client_access btree:/etc/postfix/client_checks,
   reject_invalid_hostname,
   reject_maps_rbl,
   permit

This should do a rhsbl lookup using /etc/postfix/rhsbl_sender_domain:

dsn.rfc-ignorant.org 554 $sender_domain does not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/
postmaster.rfc-ignorant.org 554 Mail rejected as $sender_domain does not have a working postmaster address - see http://www.rfc-ignorant.org/
abuse.rfc-ignorant.org 554 Mail rejected as $sender_domain does not have a working abuse address - see http://www.rfc-ignorant.org/

But mail sent to the tester:

ask-test-rfc-(ZONE)@null.dk
e.g.,
 

still gets through. A manual lookup results in:

# host charite.de.dsn.rfc-ignorant.org
Host charite.de.dsn.rfc-ignorant.org not found: 3(NXDOMAIN)

(yes, we're not ignorant)

# host i.am.dsn.rfc-ignorant.null.dk.dsn.rfc-ignorant.org
i.am.dsn.rfc-ignorant.null.dk.dsn.rfc-ignorant.org has address 127.0.0.2

(but they are!)

If I do a :
# tail -f current | grep null.dk
on the dnscache logfile while sending the mail, I get:

query 545008 7f000001:a66c:d18a 1 null.dk.
cached 1 null.dk.
query 545009 7f000001:a66c:3f0d 15 null.dk.
cached 15 null.dk.
query 545010 7f000001:a66c:3f0e 1 mimer.null.dk.
cached 1 mimer.null.dk.

(mail goes out)

query 545125 7f000001:a66c:3f10 15 null.dk.
cached 15 null.dk.
query 545127 7f000001:a66c:d1d8 1 mimer.null.dk.
cached 1 mimer.null.dk.
query 545128 7f000001:a66c:d1d9 1 i.am.dsn.rfc-ignorant.null.dk.
cached 1 i.am.dsn.rfc-ignorant.null.dk.
query 545129 7f000001:a66c:d1da 15 i.am.dsn.rfc-ignorant.null.dk.
cached 15 i.am.dsn.rfc-ignorant.null.dk.
query 545138 7f000001:a66c:ba8b 15 i.am.dsn.rfc-ignorant.null.dk.
cached 15 i.am.dsn.rfc-ignorant.null.dk.
query 545140 7f000001:a66c:789a 1 mimer.null.dk.
cached 1 mimer.null.dk.
query 545141 7f000001:a66c:789b 1 null.dk.
cached 1 null.dk.

(mail comes in)

So where is the i.am.dsn.rfc-ignorant.null.dk.dsn.rfc-ignorant.org
lookup? 

-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
Now that we know Microsoft's plan for world domination isn't superman
suppost to come out and kick some ass? 
-
To unsubscribe, send mail to  with content
(not subject): unsubscribe postfix-users





Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD