If a users wants this they are free to add the IP address to alloweddomains,
Most users have absolutely no desire to accept mail directed to an IP address, so I don't believe this is a serious issue, other an allowing in spam addressed to the ip address. Users of the alloweddomains file want explicitly only mail addressed to whatevers in there. I will also take the oppotunity to remind you that spamd is *not* a mail server. It's a layer 7 deep packet inspection device for smtp.. :) On Wed, Dec 11, 2013 at 12:14 PM, <[email protected]> wrote: >>Synopsis: spamd traps mail to postmaster@[i.p.a.dress] when ip is not >>listed in spamd.alloweddomains. RFC 1123/2142/2821 violation >>Category: user >>Environment: > System : OpenBSD 5.4 > Details : OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 12:05:01 MDT 2013 > > [email protected]:/usr/src/sys/arch/i386/compile/GENERIC > > Architecture: OpenBSD.i386 > Machine : i386 >>Description: > > RFC 1123/2142/2821 violation > > Mail servers are required to accept mail for postmaster@[i.p.a.dress], > possibly also abuse@[i.p.a.dress], maybe hostmaster@ webmaster@, usenet@, > ftp@, etc, etc. > > spamd does this, EXCEPT when used with spamd.alloweddomains, AND the host's > ip addresses are not explicitly added to that file. (See the 'How-To-Repeat' > and 'Fix' sections below.) > > Ideally, when spamd is using alloweddomains, also automatically add all ip > addresses on which it is listening. > > > > *RFC 1123* > > Section 5.4 > "Support "postmaster" | MUST" > "Accept and recognize self domain literal(s) | MUST" > > Section 5.2.7 > "A host that supports a receiver-SMTP MUST support the reserved mailbox > "Postmaster"." > > Section 5.2.17 > "An SMTP MUST accept and recognize a domain literal for any of its own IP > addresses." > > > *RFC 2142* > > Section 1. RATIONALE AND SCOPE > > "..requires the presence of a <POSTMASTER@domain> mailbox name on all hosts > that have an SMTP server." > > Section 2. INVARIANTS > > "For example, if an Internet service provider's domain name is COMPANY.COM, > then the <[email protected]> address must be valid and supported" > > Section 4. NETWORK OPERATIONS MAILBOX NAMES > > ABUSE@, NOC@, SECURITY@, > > Section 5. SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES > > POSTMASTER@, HOSTMASTER@, USENET@, NEWS@, WEBMASTER@, WWW@, UUCP@, FTP@ > > > > *RFC 2821* > > Section 3.6 Domains > > "The reserved mailbox name "postmaster" may be used in a RCPT command without > domain qualification (see section 4.1.1.3) and MUST be accepted if so used." > > Section 4.5.1 Minimum Implementation > > "Any system that includes an SMTP server supporting mail relaying or delivery > MUST support the reserved mailbox "postmaster" as a case-insensitive local > name..... SMTP systems are expected to make every reasonable effort to accept > mail directed to Postmaster from any other system on the Internet." > > >>How-To-Repeat: > > $ hostname > palm.britvault.co.uk > $ sudo /etc/rc.d/spamd stop > $ sudo mv /var/db/spamd /var/db/spamd~ > $ egrep -v '^$|^#' spamd.alloweddomains > britvault.co.uk > @hope-church-falkirk.org.uk > @kepax.co.uk > $ sudo /etc/rc.d/spamd start > spamd(ok) > Dec 11 17:51:38 palm spamd[32752]: listening for incoming connections. > Dec 11 17:51:38 palm spamd[12277]: got suffix britvault.co.uk > Dec 11 17:51:38 palm spamd[12277]: got suffix @hope-church-falkirk.org.uk > Dec 11 17:51:38 palm spamd[12277]: got suffix @kepax.co.uk > > $ hostname > oak.britvault.co.uk > $ host palm > palm.britvault.co.uk has address 78.33.153.147 > $ echo blah | mail -s blah postmaster@[78.33.153.147] > > $ hostname > palm.britvault.co.uk > Dec 11 17:52:59 palm spamd[32752]: 78.33.153.149: connected (1/0) > Dec 11 17:53:10 palm spamd[12277]: Trapping 78.33.153.149 for tuple > 78.33.153.149 oak.britvault.co.uk <[email protected]> > <postmaster@[78.33.153.147]> > Dec 11 17:53:10 palm spamd[32752]: 78.33.153.149: disconnected after 11 > seconds. > Dec 11 17:53:10 palm spamd[12277]: new greytrap entry 78.33.153.149 from > <[email protected]> to <postmaster@[78.33.153.147]>, helo > oak.britvault.co.uk > $ spamdb > TRAPPED|78.33.153.149|1386870790 > > >>Fix: > Hack: Append all of the machine's ip addresses to spamd.alloweddomains. > > This does not consider spamd's '-l[isten]' flag > > Ideally, when spamd is using alloweddomains, also automatically add all ip > addresses on which it is listening. > > $ hostname > palm.britvault.co.uk > $ sudo /etc/rc.d/spamd stop > $ sudo mv /var/db/spamd /var/db/spamd~~ > $ ifconfig -A | awk '/inet / { print "@["$2"]" }' >> > /etc/mail/spamd.alloweddomains > $ sudo /etc/rc.d/spamd start > spamd(ok) > Dec 11 18:01:23 palm spamd[18637]: listening for incoming connections. > Dec 11 18:01:23 palm spamd[2151]: got suffix britvault.co.uk > Dec 11 18:01:23 palm spamd[2151]: got suffix @hope-church-falkirk.org.uk > Dec 11 18:01:23 palm spamd[2151]: got suffix @kepax.co.uk > Dec 11 18:01:23 palm spamd[2151]: got suffix @[127.0.0.1] > Dec 11 18:01:23 palm spamd[2151]: got suffix @[78.33.153.147] > Dec 11 18:01:23 palm spamd[2151]: got suffix @[192.168.186.5] > > > $ hostname > oak.britvault.co.uk > $ echo blah | mail -s blah postmaster@[78.33.153.147] > > > $ hostname > palm.britvault.co.uk > Dec 11 18:03:08 palm spamd[18637]: 78.33.153.149: connected (1/0) > Dec 11 18:03:19 palm spamd[2151]: new entry 78.33.153.149 from > <[email protected]> to <postmaster@[78.33.153.147]>, helo > oak.britvault.co.uk > Dec 11 18:03:19 palm spamd[18637]: 78.33.153.149: disconnected after 11 > seconds. > > $ spamdb > GREY|78.33.153.149|oak.britvault.co.uk|<[email protected]>|<postmaster@[78.33.153.147]>|1386784999|1386957799|1386957799|1|0 > > Dec 11 18:08:26 palm spamd[18637]: 78.33.153.149: connected (1/0) > Dec 11 18:08:37 palm spamd[18637]: 78.33.153.149: disconnected after 11 > seconds. > Dec 11 18:18:26 palm spamd[18637]: 78.33.153.149: connected (1/0) > Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (2/0) > Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (3/0) > Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (4/0) > Dec 11 18:18:27 palm spamd[18637]: 78.33.153.149: connected (5/0) > Dec 11 18:18:37 palm spamd[18637]: 78.33.153.149: disconnected after 11 > seconds. > Dec 11 18:18:38 palm last message repeated 4 times > Dec 11 18:28:26 palm spamd[18637]: 78.33.153.149: connected (1/0) > Dec 11 18:28:37 palm spamd[18637]: 78.33.153.149: disconnected after 11 > seconds. > Dec 11 18:29:24 palm spamd[19928]: queueing add of 78.33.153.149 > Dec 11 18:29:24 palm spamd[19928]: whitelisting 78.33.153.149 in /var/db/spamd > > $ spamdb > WHITE|78.33.153.149|||1386784999|1386786517|1389896964|6|0 > > Dec 11 18:38:27 palm postfix/smtpd[3495]: 3dfn2q2wMzz3tnY: > client=oak.britvault.co.uk[78.33.153.149] > Dec 11 18:38:27 palm postfix/cleanup[18201]: 3dfn2q2wMzz3tnY: > message-id=<[email protected]> > Dec 11 18:38:27 palm postfix/qmgr[28341]: 3dfn2q2wMzz3tnY: > from=<[email protected]>, size=530, nrcpt=1 (queue active) > Dec 11 18:38:28 palm postfix/smtp[23878]: 3dfn2q2wMzz3tnY: > to=<[email protected]>, orig_to=<postmaster@[78.33.153.147]>, > relay=smtp.britvault.co.uk[192.168.186.10]:25, delay=0.93, > delays=0.15/0.12/0.31/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as > 3dfn2r0bNLzBFP) > Dec 11 18:38:28 palm postfix/qmgr[28341]: 3dfn2q2wMzz3tnY: removed > > > > > > dmesg: > OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 12:05:01 MDT 2013 > [email protected]:/usr/src/sys/arch/i386/compile/GENERIC > cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 349 MHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF > real mem = 267894784 (255MB) > avail mem = 252063744 (240MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 06/06/99, BIOS32 rev. 0 @ 0xfd861, > SMBIOS rev. 2.1 @ 0xf7de5 (32 entries) > bios0: vendor IBM version "PDKT25AUK" date 06/06/99 > bios0: IBM 6275540 > apm0 at bios0: Power Management spec V1.2 > acpi at bios0 function 0x0 not configured > pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000 > pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2280/176 (9 entries) > pcibios0: PCI Interrupt Router at 000:02:0 ("Intel 82371FB ISA" rev 0x00) > pcibios0: PCI bus #1 is the last bus > bios0: ROM list: 0xc0000/0x8000 > cpu0 at mainbus0: (uniprocessor) > pci0 at mainbus0 bus 0: configuration mode 1 (bios) > pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x02 > intelagp0 at pchb0 > agp0 at intelagp0: aperture at 0xec000000, size 0x4000000 > ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x02 > pci1 at ppb0 bus 1 > vga1 at pci1 dev 1 function 0 "S3 Trio3D AGP" rev 0x01 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > piixpcib0 at pci0 dev 2 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02 > pciide0 at pci0 dev 2 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 > wired to compatibility, channel 1 wired to compatibility > wd0 at pciide0 channel 0 drive 0: <Maxtor 6Y080P0> > wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 > wd1 at pciide0 channel 1 drive 0: <Maxtor 5A320J0> > wd1: 16-sector PIO, LBA48, 308921MB, 632672208 sectors > atapiscsi0 at pciide0 channel 1 drive 1 > scsibus0 at atapiscsi0: 2 targets > cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, CD-RW GCE-8525B, 1.03> ATAPI 5/cdrom > removable > wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 > cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 > uhci0 at pci0 dev 2 function 2 "Intel 82371AB USB" rev 0x01: irq 10 > piixpm0 at pci0 dev 2 function 3 "Intel 82371AB Power" rev 0x02: SMI > iic0 at piixpm0 > spdmem0 at iic0 addr 0x50: 128MB SDRAM non-parity PC100CL3 > spdmem1 at iic0 addr 0x51: 64MB SDRAM non-parity PC100CL3 > spdmem2 at iic0 addr 0x52: 64MB SDRAM non-parity PC100CL3 > spdmem3 at iic0 addr 0x55: 448MB DDR2 SDRAM PC2-2500CL5 > em0 at pci0 dev 16 function 0 "Intel 82546GB" rev 0x03: irq 11, address > 00:04:23:a8:92:0e > em1 at pci0 dev 16 function 1 "Intel 82546GB" rev 0x03: irq 10, address > 00:04:23:a8:92:0f > puc0 at pci0 dev 18 function 0 "Moxa C168H" rev 0x01: ports: 8 com > com4 at puc0 port 0 irq 9: ns16550a, 16 byte fifo > com5 at puc0 port 1 irq 9: ns16550a, 16 byte fifo > com6 at puc0 port 2 irq 9: ns16550a, 16 byte fifo > com7 at puc0 port 3 irq 9: ns16550a, 16 byte fifo > com8 at puc0 port 4 irq 9: ns16550a, 16 byte fifo > com9 at puc0 port 5 irq 9: ns16550a, 16 byte fifo > com10 at puc0 port 6 irq 9: ns16550a, 16 byte fifo > com11 at puc0 port 7 irq 9: ns16550a, 16 byte fifo > puc1 at pci0 dev 20 function 0 "AT&T/Lucent Venus Modem" rev 0x00: ports: 1 > com > com12 at puc1 port 0 irq 5: ns16550a, 16 byte fifo > com12: probed fifo depth: 0 bytes > isa0 at piixpcib0 > isadma0 at isa0 > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > com0: console > com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo > pckbc0 at isa0 port 0x60/5 > pckbd0 at pckbc0 (kbd slot) > pckbc0: using irq 1 for kbd slot > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > lpt1 at isa0 port 0x278/4: polled > npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 > fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 > fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec > usb0 at uhci0: USB revision 1.0 > uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > mtrr: Pentium Pro MTRR support > vscsi0 at root > scsibus1 at vscsi0: 256 targets > softraid0 at root > scsibus2 at softraid0: 256 targets > root on wd0a (364eb89ee13fc5c7.a) swap on wd0b dump on wd0b > > usbdevs: > Controller /dev/usb0: > addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), > Intel(0x8086), rev 1.00 > port 1 powered > port 2 powered
