Discussion:
ucspi-tcp / rblsmtpd query
(too old to reply)
Julian Grunnell
2007-08-03 14:28:58 UTC
Permalink
Hi - I know this is not strictly speaking a qmail query but can't see a
qmail mailing list that deals specifically with rblsmtpd so I'll ask here on
the off chance that someone knows whats going on. In a nutshell the rblsmtp
daemon is querying IP's and the results are having the IP reversed and mail
is getting blocked incorrectly. This is completely random and I've only been
made aware of one example so far. A customer with several domains that sends
via the IP 217.68.241.200.

snippet from /var/log/qmail/smtpd/current

2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from 217.68.241.200
2007-08-03 12:59:00.321450500 tcpserver: ok 27334
inbound1.firstnet.net.uk:10.10.11.7:25 :217.68.241.200::38264
2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid 27334: 451
http://www.spamhaus.org/query/bl?ip=200.241.68.217

actual IP is 217.68.241.200
spamhaus result is 200.241.68.217

The IP 200.241.68.217 is actually black liste and causing the mail from
217.68.241.200 to be rejected?

Anyone seen this odd behaviour before?

Thanks - Julian.


Julian Grunnell
3rd Line Technical Support
Pipex Communications

Tel: 0113 344 1304
Mob: 07803 649593
Web: http://www.pipex.com/

This e-mail is subject to: http://www.pipex.net/disclaimer.html
Charles Cazabon
2007-08-03 15:32:43 UTC
Permalink
Post by Julian Grunnell
Hi - I know this is not strictly speaking a qmail query but can't see a
qmail mailing list that deals specifically with rblsmtpd so I'll ask here on
the off chance that someone knows whats going on. In a nutshell the rblsmtp
daemon is querying IP's and the results are having the IP reversed and mail
is getting blocked incorrectly. This is completely random and I've only been
made aware of one example so far. A customer with several domains that sends
via the IP 217.68.241.200.
snippet from /var/log/qmail/smtpd/current
2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from 217.68.241.200
[...]
Post by Julian Grunnell
2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid 27334: 451
http://www.spamhaus.org/query/bl?ip=200.241.68.217
[...]
Post by Julian Grunnell
Anyone seen this odd behaviour before?
Hmmm, no. First question: do you have any patches applied to your
daemontools or ucspi-tcp installations, or are they pure-djb?

Charles
--
--------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
--------------------------------------------------------------------------

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Julian Grunnell
2007-08-03 16:46:05 UTC
Permalink
-----Original Message-----
Sent: 03 August 2007 16:33
Subject: Re: ucspi-tcp / rblsmtpd query
Post by Julian Grunnell
Hi - I know this is not strictly speaking a qmail query but
can't see
Post by Julian Grunnell
a qmail mailing list that deals specifically with rblsmtpd
so I'll ask
Post by Julian Grunnell
here on the off chance that someone knows whats going on. In a
nutshell the rblsmtp daemon is querying IP's and the results are
having the IP reversed and mail is getting blocked
incorrectly. This
Post by Julian Grunnell
is completely random and I've only been made aware of one
example so
Post by Julian Grunnell
far. A customer with several domains that sends via the IP
217.68.241.200.
Post by Julian Grunnell
snippet from /var/log/qmail/smtpd/current
2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from
217.68.241.200
[...]
Post by Julian Grunnell
2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid
27334: 451
Post by Julian Grunnell
http://www.spamhaus.org/query/bl?ip=200.241.68.217
[...]
Post by Julian Grunnell
Anyone seen this odd behaviour before?
Hmmm, no. First question: do you have any patches applied to
your daemontools or ucspi-tcp installations, or are they pure-djb?
Charles
--
Hi - apologies should have stated this, qmail was built as per LWQ with the
addition of qmail-spp-0.42 to allow greylisting to also be implemented.
qmail-smtpd is started with:

cat /service/qmail-smtpd/run
#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

GREYLISTING=/var/qmail/control/greylisting
export GREYLISTING

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ];
then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open
relay"
exit 1
fi

exec /usr/local/bin/softlimit -m 16000000 \
/usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c
"$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -r sbl-xbl.spamhaus.org 2>&1 \
/var/qmail/bin/qmail-smtpd 2>&1


Thanks - Julian.
--------------------------------------------------------------
------------
Charles Cazabon
Read
http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/
for details.
--------------------------------------------------------------
------------
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Julian Grunnell
2007-08-06 12:51:52 UTC
Permalink
Problem solved, do it all with qmail-spp or use either greylisting or
rblsmtpd but not both. Using one or the other does a great job of getting
rid of unwanted mail so I'm happy.

Julian.
-----Original Message-----
Sent: 03 August 2007 17:46
Subject: RE: ucspi-tcp / rblsmtpd query
-----Original Message-----
Sent: 03 August 2007 16:33
Subject: Re: ucspi-tcp / rblsmtpd query
Post by Julian Grunnell
Hi - I know this is not strictly speaking a qmail query but
can't see
Post by Julian Grunnell
a qmail mailing list that deals specifically with rblsmtpd
so I'll ask
Post by Julian Grunnell
here on the off chance that someone knows whats going on. In a
nutshell the rblsmtp daemon is querying IP's and the results are
having the IP reversed and mail is getting blocked
incorrectly. This
Post by Julian Grunnell
is completely random and I've only been made aware of one
example so
Post by Julian Grunnell
far. A customer with several domains that sends via the IP
217.68.241.200.
Post by Julian Grunnell
snippet from /var/log/qmail/smtpd/current
2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from
217.68.241.200
[...]
Post by Julian Grunnell
2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid
27334: 451
Post by Julian Grunnell
http://www.spamhaus.org/query/bl?ip=200.241.68.217
[...]
Post by Julian Grunnell
Anyone seen this odd behaviour before?
Hmmm, no. First question: do you have any patches applied to your
daemontools or ucspi-tcp installations, or are they pure-djb?
Charles
--
Hi - apologies should have stated this, qmail was built as
per LWQ with the addition of qmail-spp-0.42 to allow
greylisting to also be implemented.
cat /service/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
GREYLISTING=/var/qmail/control/greylisting
export GREYLISTING
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o
-z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll
create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 16000000 \
/usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x
/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -r sbl-xbl.spamhaus.org 2>&1 \
/var/qmail/bin/qmail-smtpd 2>&1
Thanks - Julian.
--------------------------------------------------------------
------------
Charles Cazabon
Read
http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for
details.
--------------------------------------------------------------
------------
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...