[CLUE-Tech] MTA questions

Sean LeBlanc seanleblanc at americanisp.net
Sun Dec 8 15:16:11 MST 2002


On 12-08 14:40, Dave Price wrote:
> On Sun, Dec 08, 2002 at 01:45:58PM -0700, Sean LeBlanc wrote:
> > 
> > The only thing is, I don't want to go futzing around with things I know
> > nothing about, like qmail/sendmail/exim/whatever for no reason
> > - is there any way to discern if it's my problem or AmericanISP's? The odd
> > thing is that I can subscribe, no problem, and it's the same domain, but
> > maybe the list software is configured to be picky about mail sent to the
> > list itself...
> 
> The list server may be ignoring you if your 'from' address does not
> match your subscribed address - or (more likely) your 'from address'
> does not match the reverse-lookup that they do to confirm it.
> 
> (That is from your headers)
> 
> you claim to be: seanleblanc at americanisp.net
> 
> but your ssmtp is id'ing you as: bedroom.lakwod3.co.home.com
> (see the HELO line)
> <snip>
> Received: (qmail 14685 invoked from network); 8 Dec 2002 20:45:58 -0000
> Received: from 216-38-48-80.ip.amisp.net (HELO
> bedroom.lakwod3.co.home.com) (216.38.48.80)
>   by 0 with SMTP; 8 Dec 2002 20:45:58 -0000
>   Received: by bedroom.lakwod3.co.home.com (sSMTP sendmail emulation);
>   Sun, 8 Dec 2002 13:45:58 -0700
>   From: Sean LeBlanc <seanleblanc at americanisp.net>
>   To: clue-tech at clue.denver.co.us
>   Message-ID: <20021208204558.GB14781 at smtp.americanisp.net>
> 
> [davep at dp:~]$ nslookup 216.38.48.80
> Server:  dbx.kinaole.org
> Address:  63.225.118.101
> 
> Name:    216-38-48-80.ip.amisp.net
> Address:  216.38.48.80
> 
> </snip>  
> 
> This looks like a relay/spoof to a sensitive mail server.
> 
> I am not sure about ssmtp, but exim is easy to set up as a satellite
> system to give the correct appearance to other servers.
> 
> You can test sending to the smtp server for your list with telnet to
> port 25:
> 
> (From the 'bat' sendmail book, but I am talking to an exim host
> YMMV)
> 
> [davep at dp:~]$ telnet mail.kinaole.org 25
> Trying 63.225.118.101...
> Connected to dbx.kinaole.org.
> Escape character is '^]'.
> 220 dbx.kinaole.org ESMTP Exim 3.12 #1 Sun, 08 Dec 2002 14:33:49 -0700
> helo dp.kinaole.org
> 250 dbx.kinaole.org Hello davep at dp.kinaole.org [63.225.118.97]
> mail from:davep at kinaole.org       # the truth
> 503 Sender already given		  # he knows
> mail from: nobody at yahoo.com		  # try to lie
> 503 Sender already given          # he knows
> rcpt to:davep at kinaole.org
> 250 <davep at kinaole.org> is syntactically correct
> data
> 354 Enter message, ending with "." on a line by itself
> Test
> .
> 250 OK id=18L95v-0006Nd-00
> quit
> 221 dbx.kinaole.org closing connection
> Connection closed by foreign host.

I mailed this out about ten minutes too soon. :( I did suspect ssmtp, and
started digging around on this - I changed the "rewriteDomain" option in
/etc/ssmtp.conf to "americanisp.net", and I think that did the trick - my
email showed up on the freebsd-test list, so I tried sending one to the
freebsd-current list, and it also showed up. 

Thanks for all the info, though. It's something I can refer to if I jack
something up again. It's only a matter of time. Call it the SIDOS - the
self-inflicted denial-of-service. :)

I guess that a mail server wouldn't bounce the message if it thinks it's
spoofed because it might just tie up the machine with mailing back bogus
messages? It's interesting freebsd's mailing list is so sensitive - I'm on
several yahoogroups and clue's mailing list, as well as a few others. I
think freebsd had some problems with spam in the past, so maybe they cracked
down on it and cranked up the paranoia settings. 


Cheers,

-- 
Sean LeBlanc:seanleblanc at americanisp.net  
http://users.americanisp.net/~seanleblanc/
Get MLAC at: http://sourceforge.net/projects/mlac/
Ability may get you to the top, but it takes character to keep you there. 
-John Wooden 
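
Added example, not part of the original message: a small Python check that pulls the reverse-DNS name, HELO name and From domain out of the headers quoted above and reports where they disagree. The function names are hypothetical, and comparing only the last two labels of each name is a simplifying assumption (no public-suffix list).

```python
import re

# Headers copied from the quoted message above (list-archive " at " kept as-is).
SAMPLE = """\
Received: from 216-38-48-80.ip.amisp.net (HELO
 bedroom.lakwod3.co.home.com) (216.38.48.80)
  by 0 with SMTP; 8 Dec 2002 20:45:58 -0000
From: Sean LeBlanc <seanleblanc at americanisp.net>
"""

# qmail-style trace line: from <reverse-DNS name> (HELO <claimed name>) (<peer IP>)
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)"
    r"\s+\((?P<ip>[0-9.]+)\)", re.I | re.M)
# Accepts "user@domain" and the archive's "user at domain" form.
FROM_RE = re.compile(
    r"^From:.*?<?[\w.+-]+(?:@|\s+at\s+)(?P<domain>[\w.-]+)>?\s*$", re.I | re.M)


def org_domain(name):
    """Last two labels only: a simplification (no public-suffix list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def check_identities(headers):
    """Compare the HELO name, reverse-DNS name and From domain of one message."""
    rec, frm = RECEIVED_RE.search(headers), FROM_RE.search(headers)
    if not rec or not frm:
        raise ValueError("need a qmail-style Received line and a From line")
    ids = {"rdns": rec["rdns"], "helo": rec["helo"], "from": frm["domain"]}
    findings = []
    if ids["helo"].lower() != ids["rdns"].lower():
        findings.append("HELO name differs from reverse-DNS name")
    if org_domain(ids["helo"]) != org_domain(ids["from"]):
        findings.append("HELO domain differs from From domain")
    if org_domain(ids["rdns"]) != org_domain(ids["from"]):
        findings.append("reverse-DNS domain differs from From domain")
    return {"ip": rec["ip"], **ids, "findings": findings}


if __name__ == "__main__":
    report = check_identities(SAMPLE)
    for key in ("ip", "rdns", "helo", "from"):
        print(f"{key:5} {report[key]}")
    for finding in report["findings"]:
        print("!", finding)
```

Running it on a saved copy of a message that a list accepted and one that it dropped shows which of the three names changed between them.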


