[ http://issues.apache.org/jira/browse/JAMES-566?page=all ]
Vincenzo Gianferrari Pini resolved JAMES-566.
---------------------------------------------

    Resolution: Fixed

The problem was in a misleading long boolean expression in RcptCmdHandler, that already gave us a similar problem in the past (in SMTPHandler), when it was used for controlling the logic for outbound mail, a few lines of code down. The code for the latter logic was fixed, but not the blacklist logic.

> Fastfail DNSRBL blacklisted messages are rejected even if the sender user is successfully SMTP AUTHenticated
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: JAMES-566
>                 URL: http://issues.apache.org/jira/browse/JAMES-566
>             Project: James
>          Issue Type: Bug
>          Components: SMTPServer
>    Affects Versions: 2.3.0b2, 2.3.0b1, 2.3.0a3, 2.3.0a2, 2.3.0a1, 2.2.0, 2.3.0b3, 2.3.0, 2.4.0, 3.0
>            Reporter: Vincenzo Gianferrari Pini
>         Assigned To: Vincenzo Gianferrari Pini
>             Fix For: 2.3.0b3, 3.0
>
>
> A fastfail DNSRBL blacklisted message is rejected even if the sender user is successfully SMTP AUTHenticated.
> Instead in such case the message should be accepted.
> This bug is particularly critical in the scenario in which a blacklist that lists dynamic IP ranges (like "dul.dnsbl.sorbs.net") is being used, and a legitimate and SMTP AUTHenticated mail client roaming user connects from a dynamic IP and tries to send a mail to the James server. He will be rejected in such case.
> BTW, just FYI, statistics on my production server show that using fastfail DNSRBL blacklists and the Bayesian mailet, about 20% of the spam gets rejected by the "dul.dnsbl.sorbs.net" list, 65% by the other James stock configuration lists, and almost all of the remaining 15% is detected (and flagged for inspection) by the Bayesian mailet. Without the "dul.dnsbl.sorbs.net" about 34% is detected and flagged by the Bayesian mailet but has to be manually inspected to avoid false positives, and 1% is undetected. So the dynamic IP criterion is very effective but, to be used, this bug has to be fixed.
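
The rule this issue asks for (a sender who has passed SMTP AUTH is not fast-failed by a DNSRBL listing), written as separate named steps rather than one long boolean expression. This is an added illustration, not James source code; the class and method names, the injected lookup and the sample addresses are assumptions.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

// Added illustration; not James source. All names here are hypothetical.
public class RcptBlacklistPolicy {

    // DNSRBL query name for an IPv4 address: octets reversed, zone appended.
    static String queryName(String ipv4, String zone) {
        String[] o = ipv4.split("\\.");
        if (o.length != 4) {
            throw new IllegalArgumentException("not an IPv4 address: " + ipv4);
        }
        return o[3] + "." + o[2] + "." + o[1] + "." + o[0] + "." + zone;
    }

    // One condition per step, so the AUTH exemption cannot be lost inside
    // a compound expression that also carries the relaying checks.
    static boolean rejectRcpt(String clientIp, boolean authenticated,
                              Iterable<String> zones, Predicate<String> isListed) {
        if (authenticated) {
            return false;        // SMTP AUTH succeeded: a listing does not reject
        }
        for (String zone : zones) {
            if (isListed.test(queryName(clientIp, zone))) {
                return true;     // unauthenticated and listed: fast-fail
            }
        }
        return false;            // not listed in any configured zone
    }

    public static void main(String[] args) {
        // Constructed data: 192.0.2.x are documentation addresses, and the
        // in-memory set stands in for the DNS lookup against the blacklist.
        Set<String> listed = Set.of("25.2.0.192.dul.dnsbl.sorbs.net");
        List<String> zones = List.of("dul.dnsbl.sorbs.net");
        for (String ip : new String[] {"192.0.2.25", "192.0.2.26"}) {
            for (boolean auth : new boolean[] {false, true}) {
                System.out.printf("ip=%s auth=%b reject=%b%n", ip, auth,
                        rejectRcpt(ip, auth, zones, listed::contains));
            }
        }
    }
}
```

Running `main` prints the full decision table for a listed and an unlisted client, each with and without authentication, which is the matrix a regression test for this bug would cover.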