Hello, First of all, thank you for dcc. It rocks muchly. My spam levels have dropped significantly thanks to you guys.
I was wondering if you could help me out w/ greylist bypass for authenticated sessions in sendmail. I generated sendmail.cf with hackmc -AROT. With dcc up and running and with sendmail authenticating against saslauthd, I specify option MTA-first to attempt to whitelist authenticated sessions. 'Cept it does not work. After TLS-ed AUTH PLAIN succeeds, the message is embargoed leaving client all hot, bothered, and confused. Here is what my sendmail sees: Nov 29 21:51:25 foo sm-mta[24089]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1) Nov 29 21:51:25 foo sm-mta[24089]: STARTTLS=server, init=1 Nov 29 21:51:25 foo sm-mta[24089]: started as: /usr/local/sbin/sendmail -L sm-mta -bd -q30m -OLogLevel=15 -X/tmp/sendmail.log Nov 29 21:51:27 foo sm-msp-queue[24093]: starting daemon (8.13.8): [EMAIL PROTECTED]:15:00 Nov 29 21:51:47 foo sm-mta[24096]: NOQUEUE: connect from client1.someprovider.net [1.2.3.4] Nov 29 21:51:47 foo sm-mta[24096]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 GSSAPI, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5 Nov 29 21:51:52 foo sm-mta[24096]: kAU4plcZ024096: --- 220 Sendmail ESMTP 8.13.8/8.13.8/pablo.02050100; Wed, 29 Nov 2006 21:51:47 -0700; UCE (spam) is UNWELCOME Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: <-- EHLO [1.2.3.4] Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-foo.tetrapyloctomy.org Hello client1.someprovider.net [1.2.3.4], pleased to meet you Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-ENHANCEDSTATUSCODES Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-PIPELINING Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-8BITMIME Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-SIZE 10485760 Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-ETRN Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-AUTH DIGEST-MD5 CRAM-MD5 Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-STARTTLS Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250-DELIVERBY Nov 29 21:51:53 foo sm-mta[24096]: kAU4plcZ024096: --- 250 HELP Nov 29 21:51:54 foo sm-mta[24096]: kAU4plcZ024096: <-- STARTTLS Nov 29 21:51:54 foo sm-mta[24096]: kAU4plcZ024096: --- 220 2.0.0 Ready to start TLS Nov 29 21:51:56 foo sm-mta[24096]: STARTTLS=server, get_verify: 0 get_peer: 0x0 Nov 29 21:51:56 foo sm-mta[24096]: STARTTLS=server, relay=client1.someprovider.net [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256 Nov 29 21:51:56 foo sm-mta[24096]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok Nov 29 21:51:56 foo sm-mta[24096]: AUTH: available mech=LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI PLAIN, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5 Nov 29 21:51:56 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:51:56 foo sm-mta[24096]: kAU4plcZ024096: <-- EHLO [1.2.3.4] Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-foo.tetrapyloctomy.org Hello client1.someprovider.net [1.2.3.4], pleased to meet you Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-ENHANCEDSTATUSCODES Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-PIPELINING Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-8BITMIME Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-SIZE 10485760 Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-ETRN Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5 Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250-DELIVERBY Nov 29 21:51:56 foo sm-mta[24096]: kAU4plca024096: --- 250 HELP Nov 29 21:51:56 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:51:57 foo sm-mta[24096]: kAU4plca024096: <-- AUTH CRAM-MD5 Nov 29 21:51:57 foo sm-mta[24096]: kAU4plca024096: --- 334 PDMyODE0NzMxMjQuNzIzNDQ4MkBhbnl3aGVyZS50ZXRyYXB5bG9jdG9teS5vcmc+ Nov 29 21:51:57 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:51:58 foo sm-mta[24096]: kAU4plca024096: --- 535 5.7.0 authentication failed Nov 29 21:51:58 foo sm-mta[24096]: kAU4plca024096: AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in database Nov 29 21:51:58 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:51:59 foo sm-mta[24096]: kAU4plca024096: <-- AUTH PLAIN AHBhYmxvAGxpVkYhMEQ= Nov 29 21:51:59 foo sm-mta[24096]: kAU4plca024096: --- 235 2.0.0 OK Authenticated Nov 29 21:51:59 foo sm-mta[24096]: AUTH=server, relay=client1.someprovider.net [1.2.3.4], authid=pablo, mech=PLAIN, bits=0 Nov 29 21:51:59 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:52:00 foo sm-mta[24096]: kAU4plca024096: <-- MAIL FROM:<[EMAIL PROTECTED]> SIZE=360 Nov 29 21:52:00 foo sm-mta[24096]: kAU4plca024096: --- 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok Nov 29 21:52:00 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:52:00 foo sm-mta[24096]: kAU4plca024096: <-- RCPT TO:<[EMAIL PROTECTED]> Nov 29 21:52:00 foo sm-mta[24096]: kAU4plca024096: --- 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok Nov 29 21:52:00 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:52:01 foo sm-mta[24096]: kAU4plca024096: <-- DATA Nov 29 21:52:01 foo sm-mta[24096]: kAU4plca024096: --- 354 Enter mail, end with "." on a line by itself Nov 29 21:52:01 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:52:02 foo sm-mta[24096]: kAU4plca024096: from=<[EMAIL PROTECTED]>, size=348, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=client1.someprovider.net [1.2.3.4] Nov 29 21:52:04 foo sm-mta[24096]: kAU4plca024096: --- 452 4.2.1 mail kAU4plca024096 from 1.2.3.4 temporary greylist embargoed (hold) Nov 29 21:52:04 foo sm-mta[24096]: kAU4plca024096: to=<[EMAIL PROTECTED]>, delay=00:00:04, pri=30348, stat=authentication failed Nov 29 21:52:04 foo sm-mta[24096]: kAU4plca024096: --- 452 4.2.1 mail kAU4plca024096 from 1.2.3.4 temporary greylist embargoed (held) Nov 29 21:52:04 foo sm-mta[24096]: STARTTLS=read, info: fds=8/5, err=2 Nov 29 21:52:17 foo sm-mta[24096]: kAU4plcb024096: --- 421 4.4.1 foo.tetrapyloctomy.org Lost input channel from client1.someprovider.net [1.2.3.4] Any ideas? Thanks, --p _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
