>Synopsis: spamd traps mail to postmaster@[i.p.a.dress] when ip is not
>listed in spamd.alloweddomains. RFC 1123/2142/2821 violation
>Category: user
>Environment:
System : OpenBSD 5.4
Details : OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 12:05:01 MDT 2013
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>Description:
RFC 1123/2142/2821 violation
Mail servers are required to accept mail for postmaster@[i.p.a.dress], possibly
also abuse@[i.p.a.dress], maybe hostmaster@ webmaster@, usenet@, ftp@, etc, etc.
spamd does this, EXCEPT when used with spamd.alloweddomains, AND the host's ip
addresses are not explicitly added to that file. (See the 'How-To-Repeat' and
'Fix' sections below.)
Ideally, when spamd is using alloweddomains, also automatically add all ip
addresses on which it is listening.
*RFC 1123*
Section 5.4
"Support "postmaster" | MUST"
"Accept and recognize self domain literal(s) | MUST"
Section 5.2.7
"A host that supports a receiver-SMTP MUST support the reserved mailbox
"Postmaster"."
Section 5.2.17
"An SMTP MUST accept and recognize a domain literal for any of its own IP
addresses."
*RFC 2142*
Section 1. RATIONALE AND SCOPE
"..requires the presence of a <POSTMASTER@domain> mailbox name on all hosts
that have an SMTP server."
Section 2. INVARIANTS
"For example, if an Internet service provider's domain name is COMPANY.COM,
then the <[email protected]> address must be valid and supported"
Section 4. NETWORK OPERATIONS MAILBOX NAMES
ABUSE@, NOC@, SECURITY@,
Section 5. SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
POSTMASTER@, HOSTMASTER@, USENET@, NEWS@, WEBMASTER@, WWW@, UUCP@, FTP@
*RFC 2821*
Section 3.6 Domains
"The reserved mailbox name "postmaster" may be used in a RCPT command without
domain qualification (see section 4.1.1.3) and MUST be accepted if so used."
Section 4.5.1 Minimum Implementation
"Any system that includes an SMTP server supporting mail relaying or delivery
MUST support the reserved mailbox "postmaster" as a case-insensitive local
name..... SMTP systems are expected to make every reasonable effort to accept
mail directed to Postmaster from any other system on the Internet."
>How-To-Repeat:
$ hostname
palm.britvault.co.uk
$ sudo /etc/rc.d/spamd stop
$ sudo mv /var/db/spamd /var/db/spamd~
$ egrep -v '^$|^#' spamd.alloweddomains
britvault.co.uk
@hope-church-falkirk.org.uk
@kepax.co.uk
$ sudo /etc/rc.d/spamd start
spamd(ok)
Dec 11 17:51:38 palm spamd[32752]: listening for incoming connections.
Dec 11 17:51:38 palm spamd[12277]: got suffix britvault.co.uk
Dec 11 17:51:38 palm spamd[12277]: got suffix @hope-church-falkirk.org.uk
Dec 11 17:51:38 palm spamd[12277]: got suffix @kepax.co.uk
$ hostname
oak.britvault.co.uk
$ host palm
palm.britvault.co.uk has address 78.33.153.147
$ echo blah | mail -s blah postmaster@[78.33.153.147]
$ hostname
palm.britvault.co.uk
Dec 11 17:52:59 palm spamd[32752]: 78.33.153.149: connected (1/0)
Dec 11 17:53:10 palm spamd[12277]: Trapping 78.33.153.149 for tuple 78.33.153.149 oak.britvault.co.uk <[email protected]> <postmaster@[78.33.153.147]>
Dec 11 17:53:10 palm spamd[32752]: 78.33.153.149: disconnected after 11 seconds.
Dec 11 17:53:10 palm spamd[12277]: new greytrap entry 78.33.153.149 from <[email protected]> to <postmaster@[78.33.153.147]>, helo oak.britvault.co.uk
$ spamdb
TRAPPED|78.33.153.149|1386870790
>Fix:
Hack: Append all of the machine's ip addresses to spamd.alloweddomains.
This does not consider spamd's '-l[isten]' flag
Ideally, when spamd is using alloweddomains, also automatically add all ip
addresses on which it is listening.
$ hostname
palm.britvault.co.uk
$ sudo /etc/rc.d/spamd stop
$ sudo mv /var/db/spamd /var/db/spamd~~
$ ifconfig -A | awk '/inet / { print "@["$2"]" }' >> /etc/mail/spamd.alloweddomains
$ sudo /etc/rc.d/spamd start
spamd(ok)
Dec 11 18:01:23 palm spamd[18637]: listening for incoming connections.
Dec 11 18:01:23 palm spamd[2151]: got suffix britvault.co.uk
Dec 11 18:01:23 palm spamd[2151]: got suffix @hope-church-falkirk.org.uk
Dec 11 18:01:23 palm spamd[2151]: got suffix @kepax.co.uk
Dec 11 18:01:23 palm spamd[2151]: got suffix @[127.0.0.1]
Dec 11 18:01:23 palm spamd[2151]: got suffix @[78.33.153.147]
Dec 11 18:01:23 palm spamd[2151]: got suffix @[192.168.186.5]
$ hostname
oak.britvault.co.uk
$ echo blah | mail -s blah postmaster@[78.33.153.147]
$ hostname
palm.britvault.co.uk
Dec 11 18:03:08 palm spamd[18637]: 78.33.153.149: connected (1/0)
Dec 11 18:03:19 palm spamd[2151]: new entry 78.33.153.149 from <[email protected]> to <postmaster@[78.33.153.147]>, helo oak.britvault.co.uk
Dec 11 18:03:19 palm spamd[18637]: 78.33.153.149: disconnected after 11 seconds.
$ spamdb
GREY|78.33.153.149|oak.britvault.co.uk|<[email protected]>|<postmaster@[78.33.153.147]>|1386784999|1386957799|1386957799|1|0
Dec 11 18:08:26 palm spamd[18637]: 78.33.153.149: connected (1/0)
Dec 11 18:08:37 palm spamd[18637]: 78.33.153.149: disconnected after 11 seconds.
Dec 11 18:18:26 palm spamd[18637]: 78.33.153.149: connected (1/0)
Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (2/0)
Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (3/0)
Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (4/0)
Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (5/0)
Dec 11 18:18:37 palm spamd[18637]: 78.33.153.149: disconnected after 11 seconds.
Dec 11 18:18:38 palm last message repeated 4 times
Dec 11 18:28:26 palm spamd[18637]: 78.33.153.149: connected (1/0)
Dec 11 18:28:37 palm spamd[18637]: 78.33.153.149: disconnected after 11 seconds.
Dec 11 18:29:24 palm spamd[19928]: queueing add of 78.33.153.149
Dec 11 18:29:24 palm spamd[19928]: whitelisting 78.33.153.149 in /var/db/spamd
$ spamdb
WHITE|78.33.153.149|||1386784999|1386786517|1389896964|6|0
Dec 11 18:38:27 palm postfix/smtpd[3495]: 3dfn2q2wMzz3tnY: client=oak.britvault.co.uk[78.33.153.149]
Dec 11 18:38:27 palm postfix/cleanup[18201]: 3dfn2q2wMzz3tnY: message-id=<[email protected]>
Dec 11 18:38:27 palm postfix/qmgr[28341]: 3dfn2q2wMzz3tnY: from=<[email protected]>, size=530, nrcpt=1 (queue active)
Dec 11 18:38:28 palm postfix/smtp[23878]: 3dfn2q2wMzz3tnY: to=<[email protected]>, orig_to=<postmaster@[78.33.153.147]>, relay=smtp.britvault.co.uk[192.168.186.10]:25, delay=0.93, delays=0.15/0.12/0.31/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3dfn2r0bNLzBFP)
Dec 11 18:38:28 palm postfix/qmgr[28341]: 3dfn2q2wMzz3tnY: removed
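
Added example, not part of the original report and not spamd code: a check that lists which domain-literal entries are still missing from the allowed-domains file, so the workaround above can be re-run without appending duplicates. The function names are hypothetical, and the case-insensitive suffix comparison is an assumption modelled on the "got suffix" log lines. Like the hack, it does not consider spamd's -l flag.

```shell
#!/bin/sh
# Hypothetical helpers; real use would be:
#   ifconfig -A | missing_literals /etc/mail/spamd.alloweddomains

# Print one "@[addr]" entry per IPv4 address in ifconfig-style output on
# stdin (same awk pattern as the workaround in the report).
local_literals() {
    awk '/inet / { print "@[" $2 "]" }'
}

# Succeed if recipient $1 ends with any suffix listed in file $2.
# Blank lines and "#" comments are skipped; comparison ignores case.
# Assumption: this models the suffix matching spamd logs as "got suffix".
rcpt_allowed() {
    rcpt=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r line || [ -n "$line" ]; do
        suffix=$(printf '%s' "${line%%#*}" | tr -d ' \t' | tr 'A-Z' 'a-z')
        [ -n "$suffix" ] || continue
        case "$rcpt" in
            *"$suffix") return 0 ;;   # quoted, so "[" and "]" are literal
        esac
    done < "$2"
    return 1
}

# Read ifconfig-style output on stdin; print each literal entry for which
# postmaster@[addr] would not match the allowed-domains file $1.
missing_literals() {
    local_literals | sort -u | while IFS= read -r lit; do
        rcpt_allowed "postmaster$lit" "$1" || printf '%s\n' "$lit"
    done
}

# Constructed demo: the file content and the ifconfig line are samples.
demo_file=$(mktemp) && printf 'britvault.co.uk\n@kepax.co.uk\n' > "$demo_file"
printf '\tinet 78.33.153.147 netmask 0xfffffff8\n' | missing_literals "$demo_file"
rm -f "$demo_file"
```

Appending only the printed entries keeps the file free of repeated lines across runs.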