From andrewb at zagam.net  Sat Feb 27 03:16:00 2010
From: andrewb at zagam.net (Andrew Buckeridge)
Date: Sat, 27 Feb 2010 11:16:00 +0800
Subject: [RFCI-Discuss] DSN qantas.com.au
Message-ID: <20100227111600.6377bd64.andrewb@zagam.net>

See
http://www.rfc-ignorant.org/tools/detail.php?domain=qantas.com.au&submitted=1267153108&table=dsn

They accept "MAIL FROM:<>" with "250 sender <> ok", but defer refusal
to "RCPT TO:" with "550 #5.1.0 Rejected by bounce verification."

Such deferral may circumvent the DSN list and make it less useful.
I want to add such domains to the DSN list, but can't.

The list would be handy as a sort of white list in exim4.
I.e. verify calls failed so tag only and accept anyway.

Exim4 ACLs could look something like this:

> TERNARYBUGFIX = acl_m3

DO_WARN macro sets some variables for grey listing deferred until
RCPT TO:<> so that we know who the email was for and manipulates the
teergrube delay challenge. If they spoof their session we need to be sure
that it is a real MTA talking to us and not the excess capacity of the
Microsoft bot net. Macros are in ALL_CAPS C style.

Somewhere in the acl_smtp_mail ACL:

> # 1. Is envelope sender genuine?
>
> warn set TERNARYBUGFIX = \
> MAIL Envelope sender <$sender_address> does not accept SMTP
>
> warn verify = sender/callout=300s
>      set TERNARYBUGFIX =
>
> # For Qantas.com.au
> warn condition = ${if eq{$TERNARYBUGFIX}{}{no}{yes}}
>      dnslists = dsn.rfc-ignorant.org/$sender_address_domain
>      set TERNARYBUGFIX =
>
> warn condition = ${if eq{$TERNARYBUGFIX}{}{no}{yes}}
>      DO_WARN\
> $TERNARYBUGFIX $acl_verify_message
>      set ACL_DELAY = ${if <{$ACL_DELAY}{LUSER}{LUSER}{$ACL_DELAY}}
>
> # 2. Is envelope sender domain genuine? postmaster@
>
> warn set TERNARYBUGFIX = \
> MAIL mailto:submit-postmaster at rfc-ignorant.org?subject=$sender_address_domain
>
> warn verify = sender=postmaster@$sender_address_domain/callout=300s
>      set TERNARYBUGFIX =
>
> # For Qantas.com.au
> warn condition = ${if eq{$TERNARYBUGFIX}{}{no}{yes}}
>      dnslists = dsn.rfc-ignorant.org/$sender_address_domain
>      set TERNARYBUGFIX =
>
> warn condition = ${if eq{$TERNARYBUGFIX}{}{no}{yes}}
>      DO_WARN\
> $TERNARYBUGFIX $acl_verify_message
>      set ACL_DELAY = ${if <{$ACL_DELAY}{LUSER}{LUSER}{$ACL_DELAY}}
>
> # 3. Is envelope sender domain genuine? abuse@
>
> warn set TERNARYBUGFIX = \
> MAIL mailto:submit-abuse at rfc-ignorant.org?subject=$sender_address_domain
>
> warn verify = sender=abuse@$sender_address_domain/callout=300s
>      set TERNARYBUGFIX =
>
> # For Qantas.com.au
> warn condition = ${if eq{$TERNARYBUGFIX}{}{no}{yes}}
>      dnslists = dsn.rfc-ignorant.org/$sender_address_domain
>      set TERNARYBUGFIX =
>
> warn condition = ${if eq{$TERNARYBUGFIX}{}{no}{yes}}
>      DO_WARN\
> $TERNARYBUGFIX $acl_verify_message
>      set ACL_DELAY = ${if <{$ACL_DELAY}{LUSER}{LUSER}{$ACL_DELAY}}

From andrewb at zagam.net  Sat Feb 27 03:55:26 2010
From: andrewb at zagam.net (Andrew Buckeridge)
Date: Sat, 27 Feb 2010 11:55:26 +0800
Subject: [RFCI-Discuss] qantas.com.au rejecting empty MAIL FROM:<> after RCPT TO and DSN list
Message-ID: <20100227115526.e39f17fe.andrewb@zagam.net>

IronPort have a useless banner as with the malfeature in PrIX.
The munted banner and the response to HELP look like Cisco IronPort.

They don't accept bounces, but they defer until RCPT TO:<>.

Now an MTA could be clever and reject empty MAIL FROM:<> if the
RCPT TO:<> does not match one of their previous MAIL FROM:<>.
In such a case it could still be accepting real DSNs.
If it doesn't then it needs to be listed in DSN.

This will break SMTP callouts. To avoid backscatter bounces we will
have to proxy as the message is received in real time.

> andrewb at thot:/tmp$ telnet mail1.qantas.com.au 25
> Trying 139.163.137.11...
> Connected to mail1.qantas.com.au.
> Escape character is '^]'.
> 220 mail1.qantas.com.au ESMTP
> ehlo n50.bgcaus.com
> 250-mail1.qantas.com.au
> 250-8BITMIME
> 250-SIZE 10485760
> 250 STARTTLS
> help
> 214-The following commands are recognized
> 214- auth data ehlo helo
> 214- help mail noop quit
> 214 rcpt rset starttls vrfy
> help mail
> 214-The following commands are recognized
> 214- auth data ehlo helo
> 214- help mail noop quit
> 214 rcpt rset starttls vrfy
> help rcpt
> 214-The following commands are recognized
> 214- auth data ehlo helo
> 214- help mail noop quit
> 214 rcpt rset starttls vrfy
> 221 mail1.qantas.com.au
> Connection closed by foreign host.
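
Added example, not part of the original posts or of any rfc-ignorant.org tooling: a null-sender check that stops at MAIL FROM misses the behaviour described in both messages above, so this sketch classifies a recorded SMTP session by the stage at which the empty sender was refused, using a control session with a non-empty sender to separate "bounce refused" from "recipient unknown". The "C:"/"S:" transcript format, the example.com/example.net names and the function names are assumptions.

```python
import re

# Constructed sessions ("C:" client, "S:" server). The replies to MAIL and RCPT
# in NULL_SENDER are the two quoted in the post; all other lines are made up.
NULL_SENDER = """\
S: 220 mx.example.com ESMTP
C: EHLO probe.example.net
S: 250-mx.example.com
S: 250 STARTTLS
C: MAIL FROM:<>
S: 250 sender <> ok
C: RCPT TO:<postmaster@example.com>
S: 550 #5.1.0 Rejected by bounce verification.
C: QUIT
S: 221 mx.example.com
"""
# Control: same recipient, non-empty envelope sender, recipient accepted.
CONTROL = (NULL_SENDER.replace("<>", "<probe@example.net>")
           .replace("550 #5.1.0 Rejected by bounce verification.", "250 recipient ok"))

REPLY = re.compile(r"^(\d{3})(-?)")

def final_replies(transcript):
    """Map each client verb (MAIL, RCPT, ...) to the code of its final reply line."""
    replies, verb = {}, "BANNER"
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and text.strip():
            verb = text.split()[0].upper()
        elif side == "S":
            m = REPLY.match(text)
            if m and not m.group(2):  # "250-..." is a continuation line, skip it
                replies[verb] = int(m.group(1))
    return replies

def classify(null_session, control_session):
    """Report where, if anywhere, the empty envelope sender was refused."""
    null, ctrl = final_replies(null_session), final_replies(control_session)
    mail, rcpt = null.get("MAIL"), null.get("RCPT")
    if mail is None or 400 <= mail < 500:
        return "inconclusive"
    if mail >= 500:
        return "refused-at-mail"
    if rcpt is None or 400 <= rcpt < 500:
        return "inconclusive"
    if rcpt < 400:
        return "accepted"
    # RCPT 5xx: blame the empty sender only if the control session's RCPT succeeded.
    return "deferred-to-rcpt" if ctrl.get("RCPT", 550) < 400 else "recipient-rejected"
```

For the constructed pair, `classify(NULL_SENDER, CONTROL)` returns `"deferred-to-rcpt"`, the case the first post says it cannot currently submit to the DSN list.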