Hello,

Several months ago I discovered a problem with reject_unlisted_sender allowing through some mail that should have been blocked. I finally found the incentive to track it down and create a simple test case for it.

The apparent problem is that reject_unlisted_sender in smtpd_recipient_restrictions doesn't work correctly when smtpd_delay_reject is set to no. If the sender address would be blocked by reject_unlisted_sender, the first RCPT TO blocks the invalid sender address as expected, but any RCPT TO sent afterward is accepted with a 250 OK.

Here are two raw SMTP transcripts that show the problem (nothing has been changed here). In the following, [EMAIL PROTECTED] is not a valid address, and [EMAIL PROTECTED] is valid (it is listed in local_recipient_maps).

    $ postconf mail_version
    mail_version = 2.5.5

    $ postconf myhostname
    myhostname = babingka.lava.net

The first is with smtpd_delay_reject set to yes (the default), and everything works correctly.

    $ postconf -n
    config_directory = /etc/postfix
    smtpd_delay_reject = yes
    smtpd_recipient_restrictions = reject_unauth_destination,
        reject_unlisted_sender

    --> 220 babingka.lava.net ESMTP Postfix
    <-- EHLO primo.lava.net
    --> 250-babingka.lava.net
    --> 250-PIPELINING
    --> 250-SIZE 10240000
    --> 250-VRFY
    --> 250-ETRN
    --> 250-ENHANCEDSTATUSCODES
    --> 250-8BITMIME
    --> 250 DSN
    <-- MAIL FROM:<[EMAIL PROTECTED]>
    --> 250 2.1.0 Ok
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 550 5.1.0 <[EMAIL PROTECTED]>: Sender address rejected: User unknown in local recipient table
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 550 5.1.0 <[EMAIL PROTECTED]>: Sender address rejected: User unknown in local recipient table
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 550 5.1.0 <[EMAIL PROTECTED]>: Sender address rejected: User unknown in local recipient table
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 550 5.1.0 <[EMAIL PROTECTED]>: Sender address rejected: User unknown in local recipient table
    <-- QUIT
    --> 221 2.0.0 Bye

Now with smtpd_delay_reject set to no. Notice the first address is blocked, but all recipients after that get accepted.

    $ postconf -n
    config_directory = /etc/postfix
    smtpd_delay_reject = no
    smtpd_recipient_restrictions = reject_unauth_destination,
        reject_unlisted_sender

    --> 220 babingka.lava.net ESMTP Postfix
    <-- EHLO primo.lava.net
    --> 250-babingka.lava.net
    --> 250-PIPELINING
    --> 250-SIZE 10240000
    --> 250-VRFY
    --> 250-ETRN
    --> 250-ENHANCEDSTATUSCODES
    --> 250-8BITMIME
    --> 250 DSN
    <-- MAIL FROM:<[EMAIL PROTECTED]>
    --> 250 2.1.0 Ok
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 550 5.1.0 <[EMAIL PROTECTED]>: Sender address rejected: User unknown in local recipient table
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 250 2.1.5 Ok
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 250 2.1.5 Ok
    <-- RCPT TO:<[EMAIL PROTECTED]>
    --> 250 2.1.5 Ok
    <-- QUIT
    --> 221 2.0.0 Bye

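An added example, not part of the original post: a checker that reads an SMTP transcript in the `<--`/`-->` notation used above and reports every RCPT TO that was accepted after the same MAIL FROM had already been refused with "Sender address rejected". The sample transcript, its hostnames and addresses are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample in the post's notation ("<--" client, "-->" server).
# Hostnames and addresses are placeholders, not values from the post.
SAMPLE = """\
--> 220 mx.example.test ESMTP Postfix
<-- EHLO client.example.test
--> 250-mx.example.test
--> 250 DSN
<-- MAIL FROM:<nosuchuser@example.test>
--> 250 2.1.0 Ok
<-- RCPT TO:<alice@example.test>
--> 550 5.1.0 <nosuchuser@example.test>: Sender address rejected: User unknown in
local recipient table
<-- RCPT TO:<alice@example.test>
--> 250 2.1.5 Ok
<-- QUIT
--> 221 2.0.0 Bye
"""

CMD = re.compile(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)

def find_sender_check_bypass(transcript):
    """Return (sender, recipient) pairs where RCPT TO was accepted although the
    same MAIL FROM had already drawn a 'Sender address rejected' reply."""
    findings, sender, rejected, pending = [], None, False, None
    for line in (l.strip() for l in transcript.splitlines()):
        if line.startswith("<--"):
            cmd = line[3:].strip()
            m = CMD.match(cmd)
            pending = (m.group(1).upper(), m.group(2)) if m else None
            if cmd.upper().startswith(("RSET", "EHLO", "HELO")):
                sender, rejected = None, False   # transaction reset
        elif line.startswith("-->") and pending:
            reply = line[3:].strip()
            if reply[3:4] == "-":                # continuation of a multi-line reply
                continue
            verb, addr = pending
            pending = None
            if verb == "MAIL FROM":
                sender, rejected = (addr if reply.startswith("2") else None), False
            elif reply[:1] in "45" and "Sender address rejected" in reply:
                rejected = True
            elif reply.startswith("2") and rejected:
                findings.append((sender, addr))
        # lines with neither marker are wrapped reply text and are skipped
    return findings
```

Run over captured test sessions for both `smtpd_delay_reject` settings, an empty result means the sender restriction was applied consistently to every recipient in the transaction.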