[vchkpw] CHKUSER Bug (present in 2.0.9)

2008-04-27 Thread Joshua Megerman 
I just found a chkuser bug, which I will try to fix if the author doesn't beat 
me to it :)

Bounce messages (i.e., from ) are accepted for non-existant remote 
recipients.  In our case, we have a rogue client who we used to perform 
secondary MX services for and stopped because 99% of the mail was spam that 
they were rejecting and leaving us to bounce.  Unfortunately, no matter how 
many times we try, they refuse to remove the secondary MX record that lists 
us, so we get lots of messages sent to us that we reject because the domain 
is not in any of our control files.  However, I noticed a couple of bounce 
messages for them in our queue today, and upon further investigation found 
that CHKUSER had allowed the null sender to relay despite the user being 
non-existant on the system.  Even more interestingly, it seems to be a random 
occasional thing - I see other bounces (including one to the same user) 
getting rejected.  The only difference I see is that they are coming from 
different hosts out of google, but that's all I can say.  Here's the CHKUSER 
log messages for one accept and on reject for the same user:

@4000480f8d7f04132104 15437 CHKUSER relaying rcpt: from :: remote 
:fg-out-1718.google.com:72.14.220.157 rcpt [EMAIL PROTECTED] : client 
allowed to relay
@4000480f94c100eddc94 18912 CHKUSER rejected relaying: from :: remote 
:nf-out-0910.google.com:64.233.182.189 rcpt [EMAIL PROTECTED] : client not 
allowed to relay

Any ideas?

Josh
-- 
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics
[EMAIL PROTECTED]

!DSPAM:48149113120507223516693!

Re: [vchkpw] CHKUSER Bug (present in 2.0.9)

2008-04-27 Thread Tonix (Antonio Nati) 

Joshua Megerman ha scritto:
I just found a chkuser bug, which I will try to fix if the author doesn't beat 
me to it :)


Bounce messages (i.e., from ) are accepted for non-existant remote 
recipients.  In our case, we have a rogue client who we used to perform 
secondary MX services for and stopped because 99% of the mail was spam that 
they were rejecting and leaving us to bounce.  Unfortunately, no matter how 
many times we try, they refuse to remove the secondary MX record that lists 
us, so we get lots of messages sent to us that we reject because the domain 
is not in any of our control files.  However, I noticed a couple of bounce 
messages for them in our queue today, and upon further investigation found 
that CHKUSER had allowed the null sender to relay despite the user being 
non-existant on the system.  Even more interestingly, it seems to be a random 
occasional thing - I see other bounces (including one to the same user) 
getting rejected.  The only difference I see is that they are coming from 
different hosts out of google, but that's all I can say.  Here's the CHKUSER 
log messages for one accept and on reject for the same user:


@4000480f8d7f04132104 15437 CHKUSER relaying rcpt: from :: remote 
:fg-out-1718.google.com:72.14.220.157 rcpt [EMAIL PROTECTED] : client 
allowed to relay
@4000480f94c100eddc94 18912 CHKUSER rejected relaying: from :: remote 
:nf-out-0910.google.com:64.233.182.189 rcpt [EMAIL PROTECTED] : client not 
allowed to relay


Any ideas?

  

Do not confuse relaying and CHKUSER.

Relaying is allowed only if sending user is authenticated or you have 
set RELAYCLIENT for the sending IP or for the process.


CHKUSER simply shows you what is happening on your system. In this case:

   * recipients are not local (so chkuser cannot check for their
 existence).

   * IP 72.14.220.157 is probably authorized to relay (you have
 RELAYCLIENT set, that means you can have pop before smtp, or
 whatever other reason), while 64.233.182.189 is not authorized to
 relay (RELAYCLIENT not set).

Check your system and what is happening before/around your SMTP process.

Tonino



Josh
  



--

   [EMAIL PROTECTED]Interazioni di Antonio Nati 
  http://www.interazioni.it  [EMAIL PROTECTED]   





!DSPAM:48149710120501444319316!