[Greylist-users] spamd RSET problem - fixed in last release?

Graham Toal gtoal at gtoal.com
Wed Jun 29 09:06:51 PDT 2005 

I tracked down an issue today why spamd was never whitelisting one
particular sender.  Here's what happens when they connect to us:

---
220 spamfilter.panam.edu ESMTP spamd IP-based SPAM blocker; Tue Jun 29 09:25:03 2004
HELO ecogenemld80.cbmain.collegeboard.local
250 Hello, spam sender. Pleased to be wasting your time.
RSET
500 5.5.1 Command unrecognized
QUIT
221 spamfilter.panam.edu
---

When they get the 250 status code, they should then issue MAIL FROM and a RCPT TO
commands.  However they are issuing a RSET instead, and I suspect that they QUIT
immediately because the RSET is not recognised, so they never send the
information necessary to build the tuples.

So my guess is that both their mailer *and* our grey list server are slightly broken,
although neither in a way that is against the RFCs - just enough that they
don't cooperate properly; i.e. we should implement the RSET and they should
not quit when the RSET fails.

I've manually whitelisted this sender for now (once I remembered to add them
to <whitelist> rather than <spamd-white> - ouch!  - it kept disappearing :-)  )

I'm not at all sure what mail system they are running, as its behaviour is very
strange, for example when we connect to it from here manually this is what we see:

---
gtoal at infos ~$ telnet 64.191.211.13 smtp
Trying 64.191.211.13...
Connected to 64.191.211.13.
Escape character is '^]'.
220 ***********0 ****************2******200***0**2*****0*00
HELO panam.edu
250 ecogenemld70 Hello Unknown, ready to receive from  - panam.edu
Connection closed by foreign host.
---

Note that *they* disconnected us as soon as I hit ENTER after HELO panam.edu

- I don't know if they're doing some very dodgy keystroke timing to
detect manual connections, or if they're just broken.  And what's with
that cooky welcome banner???  Anyone recognise the type of server?

Anyway, this is a feature request for spamd to implement RSET...
I'ld hack it in myself but the standard release doesn't come with
source :-(

Hold on a sec ... aha ...

http://archives.neohapsis.com/archives/openbsd/2004-09/1482.html
- looks like I wasn't the first to discover this.  I bet it's fixed
in the latest (3.7) release of OpenBSD ... 

(Goes off to runs 'strings' n the binary on the live system and
also on the binary on the box I installed at home a couple of weeks
ago... yup, the newer one contains the string "RSET" :-) )

Given that I have spamd running in front of a live system and am
a touch reluctant to experiment with it and break our mail service,
can anyone tell me if it should be safe simply to copy the /usr/libexec/spamd
binary from a newer OpenBSD system and not make any other changes?

(I'd save the old file and copy the new one in place, and just
try it, except that I'm afraid that if there are any database
format changes for example, I might trash some critical files
that I didn't know to back up.  Call it professional paranoia.)

Will there be any incompatible libraries?  Changed config files?
Other files I should copy too?

Is there a better way of updating?  should I rebuild from source?
(I'm not too clear as to where the home page for spamd is or how
to find a tar file - is this one of these complicated deals where
you have to use some sort of package mechanism or cvs? - I'm not
an openbsd native so if there's more to it that fetching the tar
file and running make, would you indulge me please and point me
at the basics?)


Thanks,

Graham

More information about the Greylist-users mailing list