[Greylist-users] spamd RSET problem - fixed in last release?
kevin at tweakedcase.com
Wed Jun 29 09:36:35 PDT 2005
Yes, since about a month after the 3.6 release.
On Wed, 29 Jun 2005 11:06:51 -0500
Graham Toal <gtoal at gtoal.com> wrote:
> I tracked down an issue today why spamd was never whitelisting one
> particular sender. Here's what happens when they connect to us:
> 220 spamfilter.panam.edu ESMTP spamd IP-based SPAM blocker; Tue Jun 29 09:25:03 2004
> HELO ecogenemld80.cbmain.collegeboard.local
> 250 Hello, spam sender. Pleased to be wasting your time.
> 500 5.5.1 Command unrecognized
> 221 spamfilter.panam.edu
> When they get the 250 status code, they should then issue MAIL FROM and a RCPT TO
> commands. However they are issuing a RSET instead, and I suspect that they QUIT
> immediately because the RSET is not recognised, so they never send the
> information necessary to build the tuples.
> So my guess is that both their mailer *and* our grey list server are slightly broken,
> although neither in a way that is against the RFCs - just enough that they
> don't cooperate properly; i.e. we should implement the RSET and they should
> not quit when the RSET fails.
> I've manually whitelisted this sender for now (once I remembered to add them
> to <whitelist> rather than <spamd-white> - ouch! - it kept disappearing :-) )
> I'm not at all sure what mail system they are running, as its behaviour is very
> strange, for example when we connect to it from here manually this is what we see:
> gtoal at infos ~$ telnet 220.127.116.11 smtp
> Trying 18.104.22.168...
> Connected to 22.214.171.124.
> Escape character is '^]'.
> 220 ***********0 ****************2******200***0**2*****0*00
> HELO panam.edu
> 250 ecogenemld70 Hello Unknown, ready to receive from - panam.edu
> Connection closed by foreign host.
> Note that *they* disconnected us as soon as I hit ENTER after HELO panam.edu
> - I don't know if they're doing some very dodgy keystroke timing to
> detect manual connections, or if they're just broken. And what's with
> that cooky welcome banner??? Anyone recognise the type of server?
> Anyway, this is a feature request for spamd to implement RSET...
> I'ld hack it in myself but the standard release doesn't come with
> source :-(
> Hold on a sec ... aha ...
> - looks like I wasn't the first to discover this. I bet it's fixed
> in the latest (3.7) release of OpenBSD ...
> (Goes off to runs 'strings' n the binary on the live system and
> also on the binary on the box I installed at home a couple of weeks
> ago... yup, the newer one contains the string "RSET" :-) )
> Given that I have spamd running in front of a live system and am
> a touch reluctant to experiment with it and break our mail service,
> can anyone tell me if it should be safe simply to copy the /usr/libexec/spamd
> binary from a newer OpenBSD system and not make any other changes?
> (I'd save the old file and copy the new one in place, and just
> try it, except that I'm afraid that if there are any database
> format changes for example, I might trash some critical files
> that I didn't know to back up. Call it professional paranoia.)
> Will there be any incompatible libraries? Changed config files?
> Other files I should copy too?
> Is there a better way of updating? should I rebuild from source?
> (I'm not too clear as to where the home page for spamd is or how
> to find a tar file - is this one of these complicated deals where
> you have to use some sort of package mechanism or cvs? - I'm not
> an openbsd native so if there's more to it that fetching the tar
> file and running make, would you indulge me please and point me
> at the basics?)
More information about the Greylist-users