Heho, you can't, really. Technically, they should set a null MX (RFC7505 [1]), instead of publishing localhost, though.
What would/might help would be loop detection in opensmtpd; I always kind of assumed that it had it, though; I.e., bouncing messages as soon as $self already appears in delivered-to with the same dst. address. Alternatively, you could set a rule at lo tcp/25 to treat local different from tcp submitted mails. Still, similar issues, e.g., not setting an MX and thereby having opensmtpd deliver to the domain's A (often keeping the mail queued for some time) will still be there. With best regards, Tobias [1] https://www.rfc-editor.org/rfc/rfc7505 On Fri, 2023-02-17 at 16:23 +0100, Heinrich Rebehn wrote: > Hello all, > > I stumbled upon a weird situation when trying to send mail to > t...@webmail.de. smtpd entered into an endless loop: > > ——————————————————————————————————————————— > obsd-test# mail -s test t...@webmail.de > test > . > EOT > obsd-test# Feb 17 16:00:01 obsd-test smtpd[74143]: f63245c93259f11c > smtp connected address=local host=obsd-test.rebehn.net > Feb 17 16:00:01 obsd-test smtpd[74143]: f63245c93259f11c smtp message > msgid=7157a411 size=363 nrcpt=1 proto=ESMTP > Feb 17 16:00:01 obsd-test smtpd[74143]: f63245c93259f11c smtp > envelope evpid=7157a411f91aaef7 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> > Feb 17 16:00:01 obsd-test smtpd[74143]: f63245c93259f11c smtp > disconnected reason=quit > 2023-02-17T15:00:01.986Z obsd-test newsyslog[87010]: logfile turned > over > tail: /var/log/maillog has been replaced, reopening. > 2023-02-17T15:00:01.986Z obsd-test newsyslog[87010]: logfile turned > over > Feb 17 16:00:02 obsd-test smtpd[74143]: f63245cd0d08e264 mta > connecting address=smtp://127.0.0.1:25 host=localhost > Feb 17 16:00:02 obsd-test smtpd[74143]: f63245cd0d08e264 mta > connected > Feb 17 16:00:02 obsd-test smtpd[74143]: f63245ce7265d1ed smtp > connected address=127.0.0.1 host=localhost > Feb 17 16:00:02 obsd-test smtpd[74143]: f63245ce7265d1ed smtp message > msgid=d2ff5ca2 size=546 nrcpt=1 proto=ESMTP > Feb 17 16:00:02 obsd-test smtpd[74143]: f63245ce7265d1ed smtp > envelope evpid=d2ff5ca2aa40c428 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> > Feb 17 16:00:02 obsd-test smtpd[74143]: f63245cd0d08e264 mta delivery > evpid=7157a411f91aaef7 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> rcpt=<-> source="127.0.0.1" relay="127.0.0.1 > (localhost)" delay=1s result="Ok" stat="250 2.0.0 d2ff5ca2 Message > accepted for delivery" > Feb 17 16:00:03 obsd-test smtpd[74143]: f63245ce7265d1ed smtp message > msgid=209c5192 size=729 nrcpt=1 proto=ESMTP > Feb 17 16:00:03 obsd-test smtpd[74143]: f63245ce7265d1ed smtp > envelope evpid=209c519220fca0c2 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> > Feb 17 16:00:03 obsd-test smtpd[74143]: f63245cd0d08e264 mta delivery > evpid=d2ff5ca2aa40c428 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> rcpt=<-> source="127.0.0.1" relay="127.0.0.1 > (localhost)" delay=1s result="Ok" stat="250 2.0.0 209c5192 Message > accepted for delivery" > Feb 17 16:00:04 obsd-test smtpd[74143]: f63245ce7265d1ed smtp message > msgid=2f497747 size=912 nrcpt=1 proto=ESMTP > Feb 17 16:00:04 obsd-test smtpd[74143]: f63245ce7265d1ed smtp > envelope evpid=2f497747f408bbd3 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> > Feb 17 16:00:04 obsd-test smtpd[74143]: f63245cd0d08e264 mta delivery > evpid=209c519220fca0c2 from=<r...@obsd-test.rebehn.net> > to=<t...@webmail.de> rcpt=<-> source="127.0.0.1" relay="127.0.0.1 > (localhost)" delay=1s result="Ok" stat="250 2.0.0 2f497747 Message > accepted for delivery” > > etc... > —————————————————————————————————————————————— > > The reason for this is: > > obsd-test# host webmail.de > webmail.de has address 64.190.63.111 > webmail.de mail is handled by 0 localhost. > > I mistyped swbmail.de as webmail.de. So it is partially my fault. > Webmail.de is for sale by sedo.com. It is really weird that they > enter localhost as mx. They should at least have their own fake > mailer which simply rejects emails to webmail.com. > > But my question is: How can I harden smtpd.conf against such mx > entries? > > OpenBSD obsd-test.rebehn.net 7.2 GENERIC#6 amd64 running under ESXi > 7.0U3 > Clean install, default smtpd.conf > > Thanks for any help, > > Heinrich > > -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl
