On Sun, 5 Jun 2005, .rp wrote:
On 31 May 2005 at 14:14, Damian Menscher wrote:
On Tue, 31 May 2005, .rp wrote:

When using the -L option, all email from netzero was getting
trapped. Is the bug in clamav-milter or netzero's email server?

ClamAV has no bugs, so it must be netzero's fault.  ;)

Seriously, can you get a packet capture of an incoming message from
there?  I strongly suspect they're at fault, but having that kind of
proof will make it easier to convince them to change their ways.

here is what showed in our maillog:
May 30 12:44:42 net sm-mta[31144]: j4UJiVwc031144: Milter:
from=<[EMAIL PROTECTED]>, reject=550 5.7.1 You have claimed to be
from me, but you are not
May 30 12:44:43 net sm-mta[31144]: j4UJiVwc031144:
from=<[EMAIL PROTECTED]>, size=0, class=0, nrcpts=0, proto=ESMTP,
daemon=MTA, relay=201-255-30-74.mrse.com.ar [201.255.30.74] (may be
forged)

I turned off the -L and here is what the headers are for a netzero email:
Return-Path: <[EMAIL PROTECTED]>
Received: from outbound-mail.nyc.untd.com (outbound-mail.nyc.untd.com [64.136.20.164])
by net.1234.biz (8.13.0/8.13.0) with SMTP id j51BEGDT032241
for <[EMAIL PROTECTED]>; Wed, 1 Jun 2005 04:14:26 -0700
Received: from outbound21-sr.nyc.untd.com (webmail23.nyc.untd.com [10.141.27.163])
by smtpout06.nyc.untd.com with SMTP id AABBK5GDQAFJW4H2
for <[EMAIL PROTECTED]> (sender <[EMAIL PROTECTED]>);
Wed,  1 Jun 2005 04:13:50 -0700 (PDT)
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

What is the output of 'hostname' on your computer? I'm guessing it returns just "net", not "net.1234.biz"? If so, you might want to fix that, as it's the source of your problems. (If it *is* returning "net.1234.biz" then please say so because my entire analysis below may be incorrect.) To fix it, make sure your FQDN (fully-qualified domain name) is the FIRST entry on the line with your IP in /etc/hosts. The short name may come after. For example, in your /etc/hosts you'd want:
   212.227.34.3 net.1234.biz net
If you already have it set up properly, please compile/run this program on your mailserver and tell us what it outputs for your hostname:

#include <stdio.h>
#include <unistd.h>
int main(void) {
  char name[100+1];
  gethostname(name, 100);
  name[100]=0;
  printf("%s\n", name);
  return 0;
}


Assuming the problem really is due to not using a FQDN, this might still be worth fixing in clamav-milter, since it can affect others (even those with proper setups) as well. Here is the offending code:

    ptr = strstr(privdata->from, me);
    if(ptr && (ptr != privdata->from) && (*--ptr == '@')) {
        logg("Rejected email falsely claiming to be from %s\n", privdata->from);
        smfi_setreply(ctx, "554", "5.7.1", _("You have claimed to be from me, but you are not"));
        broadcast(_("Forged local address detected"));
        clamfi_cleanup(ctx);
        return SMFIS_REJECT;
    }

In your case, me is "net" and privdata->from is "[EMAIL PROTECTED]". So the strstr() call returns a pointer to "netzero.net". We then have:

    if(ptr && (ptr != privdata->from) && (*--ptr == '@')) {
 ptr is set   it doesn't equal from      and the preceding char is @

So you'll end up rejecting anything coming from @netscape, @netflix, and plenty of other domains too. :)

I'll leave it to the real programmers to write a patch (they may just say to set your hostname properly, but I think it would still be a problem if, for example, the admin of mail.com wanted to receive email from people at mail.com.fr). My suggestion would be to use strcasecmp() to compare the strings as was done elsewhere in the code.

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
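
The false positive analysed in the message above, reproduced as an added example that is not part of the original post or of clamav-milter: the quoted substring test next to an exact, case-insensitive comparison of the whole domain. The function names, the sample addresses and the assumption that the sender has the form `<local@domain>` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Same test as the code quoted in the post: find `me` anywhere in the
 * sender and accept the hit if the character before it is '@'. */
int claims_local_substring(const char *from, const char *me) {
    const char *ptr = strstr(from, me);
    return ptr && (ptr != from) && (*--ptr == '@');
}

/* Stricter variant (hypothetical helper): isolate the domain after the
 * last '@' and require it to equal `me` in full. strncasecmp() is used
 * instead of strcasecmp() only because the domain is followed by '>'. */
int claims_local_exact(const char *from, const char *me) {
    const char *at = strrchr(from, '@');
    size_t len;

    if (at == NULL)
        return 0;
    at++;
    len = strcspn(at, ">");          /* domain ends at '>' or end of string */
    return len == strlen(me) && strncasecmp(at, me, len) == 0;
}

int main(void) {
    /* Constructed sample data: {envelope sender, local hostname}. */
    const char *cases[][2] = {
        { "<user@netzero.net>", "net" },       /* short hostname, other domain */
        { "<user@mail.com.fr>", "mail.com" },  /* FQDN is a prefix of the domain */
        { "<user@MAIL.com>",    "mail.com" },  /* really claims the local name */
        { "<user@example.org>", "net" },       /* unrelated domain */
    };
    size_t i;

    printf("%-22s %-10s %-9s %s\n", "from", "me", "substring", "exact");
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-22s %-10s %-9d %d\n", cases[i][0], cases[i][1],
               claims_local_substring(cases[i][0], cases[i][1]),
               claims_local_exact(cases[i][0], cases[i][1]));
    return 0;
}
```
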
