It is rumored that on or about 2002-07-11 10:16 AM -0700, Warren
Michelsen wrote as follows:
>I had thought that SIMS would reject email to domains for which
>there are no router entries, with either a No-Such-Account or a
>We-Don't-Relay error.
Warren
I am pretty sure that the problem is the DNS entry for the domain-that-is-gone.
I tried this experiment on my server (some items obscured due to paranoia):
>telnet mail.eton.ca 25
>Trying 206.47.27.217...
>Connected to mail.eton.ca.
>Escape character is '^]'.
>220-Stalker Internet Mail Server V.1.8b8 is ready.
>220 ESMTP is spoken here. You are very welcome
>helo 192.168.0.2
>250 mail.eton.ca is pleased to meet you
>MAIL FROM: [EMAIL PROTECTED]
>250 [EMAIL PROTECTED] sender accepted
>RCPT TO: [EMAIL PROTECTED]
>250 [EMAIL PROTECTED] will relay
>DATA
>354 Enter mail, end with "." on a line by itself
>this is a test
>.
>250 S.0000433939 message accepted for delivery
>quit
Obviously [EMAIL PROTECTED] is completely bogus, and [EMAIL PROTECTED]
is an obfuscated semi-bogus account. I say semi-bogus because
although the domain xxxxxxx.eton.ca does exist (and returns an IP) it
does NOT have an MX record.
However, it looks to me like SIMS does a lookup on xxxxxxx.eton.ca,
finds the IP is its own, and does not find a router entry blocking
xxxxxxx.eton.ca, and so is quite happy to accept the mail.
Of course the mail was undeliverable, as was the automated SIMS bounce,
so now I have 2 entries in my queue, both failed. All they are doing
is consuming disk space because SIMS has finished with them both.
As to whether this is a huge DOS hole, I don't think so, because
unless the mail is addressed to a domain with a valid DNS entry that
resolves to your mail server IP, it will never even arrive!
Here are the corresponding log entries:
>17:13:49 0 SYSTEM The current date is Thursday, July 11, 2002
>17:13:49 2 SMTP-489(192.168.0.2) {S.0000433939} received, 280 bytes
>17:13:49 2 SYSTEM [S.0000433939] S.0000433939 1+0 From:[EMAIL PROTECTED]
>17:13:49 3 SMTP [S.0000433939] dequeueing
>17:13:49 1 SYSTEM(SMTP) [S.0000433939] failed on (xxxxxxx.eton.ca)zzzzz. Error Code=-15010
>17:13:49 2 SYSTEM [S.0000433941] <[EMAIL PROTECTED]> 1+0 From:NULL@NULL
>17:13:50 1 SYSTEM(SMTP) [S.0000433941] failed on (msn.com)fake. Error Code=-15004
>17:13:50 0 SYSTEM Return Receipt failed: headers are too long
Waiting to be flamed for my faulty logic ...
--
Neil
Neil Herber, RGD
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
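
An added example, not part of the original message and not SIMS code: an offline audit that lists hostnames whose mail would arrive at a server (through an MX record or, with no MX, the A-record fallback of RFC 5321 section 5.1) while no account domain or router entry covers them, which is the situation described above. The zone data, IP addresses, names and the HANDLED set are constructed assumptions.

```python
# Constructed data: documentation-range IPs and .test names, not the poster's.
SERVER_IPS = {"192.0.2.25"}  # addresses the mail server listens on

# Hostname -> address records and MX targets, as exported from a zone file.
ZONE = {
    "example.test":         {"A": ["192.0.2.80"], "MX": ["mail.example.test"]},
    "mail.example.test":    {"A": ["192.0.2.25"], "MX": []},
    "www.example.test":     {"A": ["192.0.2.80"], "MX": []},
    # Retired domain: the A record was left pointing at the mail server.
    "old.example.test":     {"A": ["192.0.2.25"], "MX": []},
    # MX still names our server, but nothing on the server covers it.
    "legacy.example.test":  {"A": [], "MX": ["mail.example.test"]},
    # A record points at us, but the MX sends mail elsewhere.
    "partner.example.test": {"A": ["192.0.2.25"], "MX": ["mx.partner.test"]},
    "mx.partner.test":      {"A": ["198.51.100.7"], "MX": []},
}

# Domains that have accounts or an explicit router entry on the server.
HANDLED = {"example.test", "mail.example.test"}


def delivery_ips(name, zone):
    """IPs a sending MTA would connect to for mail addressed to @name.

    RFC 5321 section 5.1: use the MX targets if any exist, otherwise
    fall back to the address record of the name itself.
    """
    record = zone.get(name, {})
    targets = record.get("MX") or [name]
    ips = set()
    for target in targets:
        ips.update(zone.get(target, {}).get("A", []))
    return ips


def audit(zone, server_ips, handled):
    """Return (hostname, route) pairs that reach the server but are unhandled."""
    handled = {h.lower() for h in handled}
    findings = []
    for name in sorted(zone):
        if name.lower() in handled:
            continue
        if delivery_ips(name, zone) & server_ips:
            route = "MX" if zone[name].get("MX") else "A fallback"
            findings.append((name, route))
    return findings


if __name__ == "__main__":
    for host, route in audit(ZONE, SERVER_IPS, HANDLED):
        print(f"{host}: mail arrives via {route}; add a router entry or fix DNS")
```

Each name reported needs either a DNS cleanup or an explicit rule on the server that rejects it at RCPT time.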