[Greylist-users] spamd RSET problem - fixed in last release?

Kevin Nelson kevin at tweakedcase.com
Wed Jun 29 09:36:35 PDT 2005


Yes, since about a month after the 3.6 release.

On Wed, 29 Jun 2005 11:06:51 -0500
Graham Toal <gtoal at gtoal.com> wrote:

> I tracked down an issue today why spamd was never whitelisting one
> particular sender.  Here's what happens when they connect to us:
> 
> ---
> 220 spamfilter.panam.edu ESMTP spamd IP-based SPAM blocker; Tue Jun 29 09:25:03 2004
> HELO ecogenemld80.cbmain.collegeboard.local
> 250 Hello, spam sender. Pleased to be wasting your time.
> RSET
> 500 5.5.1 Command unrecognized
> QUIT
> 221 spamfilter.panam.edu
> ---
> 
> When they get the 250 status code, they should then issue MAIL FROM and RCPT TO
> commands.  However they are issuing a RSET instead, and I suspect that they QUIT
> immediately because the RSET is not recognised, so they never send the
> information necessary to build the tuples.
> 
> So my guess is that both their mailer *and* our grey list server are slightly broken,
> although neither in a way that is against the RFCs - just enough that they
> don't cooperate properly; i.e. we should implement the RSET and they should
> not quit when the RSET fails.
> 
> I've manually whitelisted this sender for now (once I remembered to add them
> to <whitelist> rather than <spamd-white> - ouch!  - it kept disappearing :-)  )
> 
> I'm not at all sure what mail system they are running, as its behaviour is very
> strange, for example when we connect to it from here manually this is what we see:
> 
> ---
> gtoal at infos ~$ telnet 64.191.211.13 smtp
> Trying 64.191.211.13...
> Connected to 64.191.211.13.
> Escape character is '^]'.
> 220 ***********0 ****************2******200***0**2*****0*00
> HELO panam.edu
> 250 ecogenemld70 Hello Unknown, ready to receive from  - panam.edu
> Connection closed by foreign host.
> ---
> 
> Note that *they* disconnected us as soon as I hit ENTER after HELO panam.edu
> 
> - I don't know if they're doing some very dodgy keystroke timing to
> detect manual connections, or if they're just broken.  And what's with
> that kooky welcome banner???  Anyone recognise the type of server?
> 
> Anyway, this is a feature request for spamd to implement RSET...
> I'd hack it in myself but the standard release doesn't come with
> source :-(
> 
> Hold on a sec ... aha ...
> 
> http://archives.neohapsis.com/archives/openbsd/2004-09/1482.html
> - looks like I wasn't the first to discover this.  I bet it's fixed
> in the latest (3.7) release of OpenBSD ... 
> 
> (Goes off to run 'strings' on the binary on the live system and
> also on the binary on the box I installed at home a couple of weeks
> ago... yup, the newer one contains the string "RSET" :-) )
> 
> Given that I have spamd running in front of a live system and am
> a touch reluctant to experiment with it and break our mail service,
> can anyone tell me if it should be safe simply to copy the /usr/libexec/spamd
> binary from a newer OpenBSD system and not make any other changes?
> 
> (I'd save the old file and copy the new one in place, and just
> try it, except that I'm afraid that if there are any database
> format changes for example, I might trash some critical files
> that I didn't know to back up.  Call it professional paranoia.)
> 
> Will there be any incompatible libraries?  Changed config files?
> Other files I should copy too?
> 
> Is there a better way of updating?  Should I rebuild from source?
> (I'm not too clear as to where the home page for spamd is or how
> to find a tar file - is this one of these complicated deals where
> you have to use some sort of package mechanism or cvs? - I'm not
> an OpenBSD native so if there's more to it than fetching the tar
> file and running make, would you indulge me please and point me
> at the basics?)
> 
> 
> Thanks,
> 
> Graham
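
The failure mode described in the quoted message, as an added example that is not part of the original thread or of spamd: a Python checker that walks an SMTP transcript and reports whether the client ever sent MAIL FROM and RCPT TO, which commands drew an error reply, and whether the client quit right after one. The function name, result keys and sample transcript are constructed for illustration.

```python
import re

# Constructed sample: the failing session quoted above, banner shortened.
SAMPLE_SESSION = """\
220 spamfilter.panam.edu ESMTP spamd IP-based SPAM blocker
HELO ecogenemld80.cbmain.collegeboard.local
250 Hello, spam sender. Pleased to be wasting your time.
RSET
500 5.5.1 Command unrecognized
QUIT
221 spamfilter.panam.edu
"""

REPLY = re.compile(r"^(\d{3})([ -]|$)")  # "250 text", "250-text" or bare "250"
ENVELOPE = ("MAIL FROM:", "RCPT TO:")


def analyze_session(transcript):
    """Report whether the client ever sent the envelope a greylister needs."""
    sent, rejected = [], []
    pending = None          # client command still waiting for its final reply
    last_rejected = False   # did the previous command get a 4xx/5xx reply?
    quit_after_reject = False
    for line in (raw.strip() for raw in transcript.splitlines()):
        if not line:
            continue
        reply = REPLY.match(line)
        if reply is None:                        # a client command
            upper = line.upper()
            verb = next((e for e in ENVELOPE if upper.startswith(e)),
                        upper.split()[0])
            sent.append(verb)
            if verb == "QUIT" and last_rejected:
                quit_after_reject = True
            if verb == "DATA":                   # envelope phase is over
                break
            pending = verb
        elif reply.group(2) != "-" and pending:  # final line of a reply
            code = int(reply.group(1))
            last_rejected = code >= 400
            if last_rejected:
                rejected.append((pending, code))
            pending = None
    return {
        "tuple_sent": all(e in sent for e in ENVELOPE),
        "rejected": rejected,
        "quit_after_reject": quit_after_reject,
    }
```

Run over a directory of captured sessions, a result with `tuple_sent` false and `quit_after_reject` true points at senders that can never be greylisted automatically and need a manual whitelist entry or a server upgrade.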

