Terminate session after certain SMTP commands

From: Michael Tokarev (no email)
Date: Fri Nov 01 2002 - 07:58:29 EST

Next message: Leonardo Rodrigues ( listas ): "Re: Quota Support"
Previous message: Russell Mosemann: "Re: Quota Support"
Next in thread: Wietse Venema: "Re: Terminate session after certain SMTP commands"
Maybe reply: Wietse Venema: "Re: Terminate session after certain SMTP commands"
Maybe reply: Wietse Venema: "Re: Terminate session after certain SMTP commands"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just encountered yet another funny http "GET/CONNECT" proxy:

$telnet 211.90.175.195 8080
Trying 211.90.175.195...
Connected to 211.90.175.195.
Escape character is '^]'.
GET mail.corpit.ru:25 HTTP/1.0

554 Service unavailable; Client host [211.90.175.195] blocked using proxies.relays.monkeys.com; IP address [211.90.175.195] BLOCKED: See http://www.monkeys.com/anti-spam/filtering/proxies.html
502 Error: command not implemented
500 Error: bad syntax
ddd
502 Error: command not implemented
ddd
502 Error: command not implemented
ddd
502 Error: command not implemented

(ddd is what I typed). In the other words, this is almost transparent
http "GET/CONNECT" proxy - that is, instead of requested GET, we got
CONNECT and proxied connection.

Here is what was seen by postfix:

Transcript of session follows.

  Out: 554 Service unavailable; Client host [211.90.175.195] blocked using
      proxies.relays.monkeys.com; IP address [211.90.175.195] BLOCKED: See
      http://www.monkeys.com/anti-spam/filtering/proxies.html
  In: GET HTTP/1.0
  Out: 502 Error: command not implemented
  In:
  Out: 500 Error: bad syntax
  In: ddd
  Out: 502 Error: command not implemented
  In: ddd
  Out: 502 Error: command not implemented
  In: ddd
  Out: 502 Error: command not implemented

Session aborted, reason: lost connection

I.e., the GET command was sent to smtp server.

There is more such examples. Like e.g. wingate's ftp proxy that
also allows to be abused this way (it sends USER command to smtp
server) - (I will not share information about it here).

Wietse, what I'm thinking of is - would it be OK to implement e.g.
smtpd_commands_maps parameter, where the key is a command received
by smtpd, and result is TERMINATE to terminate a session, or a reason?
This way, a generalized framework will be available that replaces
already existing one (when postfix closes SMTP session when it sees
email header instead of smtp command).

Thanks.

/mjt

-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users

Next message: Leonardo Rodrigues ( listas ): "Re: Quota Support"
Previous message: Russell Mosemann: "Re: Quota Support"
Next in thread: Wietse Venema: "Re: Terminate session after certain SMTP commands"
Maybe reply: Wietse Venema: "Re: Terminate session after certain SMTP commands"
Maybe reply: Wietse Venema: "Re: Terminate session after certain SMTP commands"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs