On 04/03/03 at 06:17, Dene Stringfellow opined:
> I would be grateful if somebody could clarify the following for me.
>
> I originally had the following router blocks in place in an effort to
> block spam:
>
> [EMAIL PROTECTED] = null
> <[EMAIL PROTECTED]> = null
'[EMAIL PROTECTED]' is a local alias, so it needs to be enclosed in angle brackets,
so the first line uses invalid syntax. You should only need the second
line. An equivalent to the second line, which seems cleaner to me, is to
use domain level routing as in:
ucc.ie = null
You might also want to catch sub-domains of ucc.ie with:
*.ucc.ie = null
> The resulting log displayed the following:
>
> 06:18:04 4 SMTP-003([192.168.4.220]) Sending 220-ridgedale.co.uk Stalker
> Internet Mail Server V.1.8b9d14 is ready.\r\n220 ESMTP is spoken here.
> You are very welcome\r\n
> 06:18:04 5 SMTP-003([192.168.4.220]) OT 119 of 119 bytes sent, Flags=0
> 06:18:04 5 SMTP-003([192.168.4.220]) *Status=22
> 06:18:04 5 SMTP-003([192.168.4.220]) Received 20 bytes
> 06:18:04 4 SMTP-003([192.168.4.220]) Input Line: HELO 192.168.4.220\r
> 06:18:04 5 SMTP-003([192.168.4.220]) *Status=21
> 06:18:04 4 SMTP-003(192.168.4.220) Looking for 192.168.4.220
> 06:18:04 4 SMTP-003(192.168.4.220) Sending 250 ridgedale.co.uk is
> pleased to meet you\r\n
> 06:18:04 5 SMTP-003(192.168.4.220) OT 44 of 44 bytes sent, Flags=0
> 06:18:04 5 SMTP-003(192.168.4.220) *Status=22
> 06:18:04 5 SMTP-003(192.168.4.220) Received 6 bytes
> 06:18:04 4 SMTP-003(192.168.4.220) Input Line: RSET\r
> 06:18:04 4 SMTP-003(192.168.4.220) Sending 250 SMTP state reset\r\n
> 06:18:04 5 SMTP-003(192.168.4.220) OT 22 of 22 bytes sent, Flags=0
> 06:18:04 5 SMTP-003(192.168.4.220) *Status=22
> 06:18:05 5 SMTP-003(192.168.4.220) Received 34 bytes
> 06:18:05 4 SMTP-003(192.168.4.220) Input Line: MAIL
> FROM:<[EMAIL PROTECTED]>\r
> 06:18:05 5 SMTP-003(192.168.4.220) *Status=25
> 06:18:05 1 SMTP-003(192.168.4.220) Return-Path '<[EMAIL PROTECTED]>'
> rejected: routed to ERROR
> 06:18:05 4 SMTP-003(192.168.4.220) Sending 572 <[EMAIL PROTECTED]>
> address is blacklisted.\r\n
> 06:18:05 5 SMTP-003(192.168.4.220) OT 52 of 52 bytes sent, Flags=0
> 06:18:05 5 SMTP-003(192.168.4.220) *Status=24
> 06:18:06 5 SMTP-003(192.168.4.220) Received 6 bytes
> 06:18:06 4 SMTP-003(192.168.4.220) Input Line: RSET\r
> 06:18:06 5 SMTP-003(192.168.4.220) *Status=22
> 06:18:06 4 SMTP-003(192.168.4.220) Sending 250 SMTP state reset\r\n
> 06:18:06 5 SMTP-003(192.168.4.220) OT 22 of 22 bytes sent, Flags=0
> 06:18:06 5 SMTP-003(192.168.4.220) *Status=22
>
> - the mail server appearing to respond to the spam mail and routing to
> ERROR!
If the only relevant entries in your router are (or were) what you showed
above, then yes, it is very odd that SIMS would route
<[EMAIL PROTECTED]> to ERROR and reject the message. Given the entries
routing ucc.ie addresses to NULL, SIMS should accept the message and
deliver it to the void. Are you certain that there are no entries in your
router, occuring above the two lines you've shown us, that would route
<[EMAIL PROTECTED]> to ERROR?
> Having read through some of the threads in the mail list, I
> changed the router setting to the following:
>
> [EMAIL PROTECTED] = null
> <[EMAIL PROTECTED]> = null
> <[EMAIL PROTECTED]> = null
I'm not certain, but I think that first line might be mucking up the works.
The third (new) line is superfluous since the address
<[EMAIL PROTECTED]> will (should) be matched by the line above it and
never compared to the '<[EMAIL PROTECTED]> = null' line.
> The resulting log then displayed the following:
>
> 10:42:24 2 SYSTEM [S.0000013112]
> <[EMAIL PROTECTED]> 0+1 From:[EMAIL PROTECTED]
> 10:42:24 2 SYSTEM(POP) [S.0000013112] delivered to (spacemonkey)
> 10:42:24 5 SMTP-009(192.168.4.220) Received 34 bytes
> 10:42:24 4 SMTP-009(192.168.4.220) Input Line: MAIL
> FROM:<[EMAIL PROTECTED]>\r
> 10:42:24 5 SMTP-009(192.168.4.220) *Status=25
> 10:42:24 4 SMTP-009(192.168.4.220) Sending 250 <[EMAIL PROTECTED]>
> sender accepted\r\n
> 10:42:24 5 SMTP-009(192.168.4.220) OT 44 of 44 bytes sent, Flags=0
> 10:42:24 5 SMTP-009(192.168.4.220) *Status=23
> 10:42:25 5 SMTP-009(192.168.4.220) Received 36 bytes
> 10:42:25 4 SMTP-009(192.168.4.220) Input Line: RCPT
> TO:<[EMAIL PROTECTED]>\r
> 10:42:25 5 SMTP-009(192.168.4.220) *Status=33
> 10:42:25 2 SYSTEM [S.0000013112] deleted
> 10:42:25 4 SMTP-009(192.168.4.220) Sending 250
> <[EMAIL PROTECTED]> recipient accepted\r\n
> 10:42:25 5 SMTP-009(192.168.4.220) OT 51 of 51 bytes sent, Flags=0
> 10:42:25 5 SMTP-009(192.168.4.220) *Status=23
> 10:42:25 5 SMTP-009(192.168.4.220) Received 6 bytes
> 10:42:25 4 SMTP-009(192.168.4.220) Input Line: DATA\r
> 10:42:25 4 SMTP-009(192.168.4.220) Sending 354 Enter mail, end with "."
> on a line by itself\r\n
> 10:42:25 5 SMTP-009(192.168.4.220) OT 50 of 50 bytes sent, Flags=0
> 10:42:25 5 SMTP-009(192.168.4.220) *Status=27
> 10:42:25 5 SMTP-009(192.168.4.220) Received 606 bytes
> 10:42:25 5 SMTP-009(192.168.4.220) Received 449 bytes
> 10:42:25 5 SMTP-009(192.168.4.220) Writing 1327 byte at 0
> 10:42:25 5 SMTP-009(192.168.4.220) *Status=28
> 10:42:25 2 SMTP-009(192.168.4.220) {S.0000013113} received, 1327 bytes
> 10:42:25 4 SMTP-009(192.168.4.220) Sending 250 S.0000013113 message
> accepted for delivery\r\n
> 10:42:25 5 SMTP-009(192.168.4.220) OT 48 of 48 bytes sent, Flags=0
> 10:42:25 5 SMTP-009(192.168.4.220) *Status=22
> 10:42:26 5 SMTP-009(192.168.4.220) Received 6 bytes
> 10:42:26 4 SMTP-009(192.168.4.220) Input Line: RSET\r
> 10:42:26 4 SMTP-009(192.168.4.220) Sending 250 SMTP state reset\r\n
> 10:42:26 5 SMTP-009(192.168.4.220) OT 22 of 22 bytes sent, Flags=0
> 10:42:26 5 SMTP-009(192.168.4.220) *Status=22
> 10:42:26 5 SMTP-009(192.168.4.220) Received 34 bytes
> 10:42:26 4 SMTP-009(192.168.4.220) Input Line: MAIL
> FROM:<[EMAIL PROTECTED]>\r
> 10:42:26 5 SMTP-009(192.168.4.220) *Status=25
> 10:42:26 4 SMTP-009(192.168.4.220) Sending 250 <[EMAIL PROTECTED]>
> sender accepted\r\n
> 10:42:26 5 SMTP-009(192.168.4.220) OT 44 of 44 bytes sent, Flags=0
> 10:42:26 5 SMTP-009(192.168.4.220) *Status=23
> 10:42:27 2 SYSTEM [S.0000013113]
> <[EMAIL PROTECTED]> 0+1 From:[EMAIL PROTECTED]
> 10:42:27 2 SYSTEM(POP) [S.0000013113] delivered to (spacemonkey)
> 10:42:27 5 SMTP-009(192.168.4.220) Received 36 bytes
> 10:42:27 4 SMTP-009(192.168.4.220) Input Line: RCPT
> TO:<[EMAIL PROTECTED]>\r
> 10:42:27 5 SMTP-009(192.168.4.220) *Status=33
> 10:42:27 2 SYSTEM [S.0000013113] deleted
>
> The emails from [EMAIL PROTECTED] were then found to have arrived in
> the user mailbox! The SIMS server still apears to be responding to this
> spam!
> I understood that when routing to null the mail would be automatically
> deleted, and not delivered to the user! Or am I misinterpreting these
> logs?
Routing to NULL causes SIMS to accept the message and then deliver it to
nowhere (i.e. to the NULL account). So, your understanding is essentially
correct. It is arguably better to route to ERROR rather than to NULL,
though, because routing to ERROR will cause SIMS to reject the messages and
tell that to the sending MTA, so a bounce message will be generated back to
the message's sender. When a message is routed to NULL, since the message
is accepted, the sending MTA thinks that it has relayed it successfully,
and there is no bounce generated -- as far as the sender can see, the
message was delivered successfully. At any rate, I'd recommend that you
change your router entries to either:
ucc.ie = null
*.ucc.ie = null
OR
ucc.ie = error
*.ucc.ie = error
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
