[xmail] Re: Me too? (1.25-pre22)

Thu, 15 Nov 2007 12:28:43 -0800 

On Thu, 15 Nov 2007, Francesco Vertova wrote:

> Hi all,
> 
> I've installed 1.25-pre22 from an hour. Looks like auth'd (SMTP after 
> POP3) users cannot bypass DNSBL in spite of code 0:
> 
> excerpt from today's pop3log:
> 
> "dex1.tsd.unifi.it"   "tsd.unifi.it"  "151.49.38.240" "2007-11-15 
> 09:30:54"     "xxx"   ""      "LOGIN" "230"   "4129295"
> "dex1.tsd.unifi.it"   "tsd.unifi.it"  "151.49.38.240" "2007-11-15 
> 09:31:02"     "xxx"   ""      "LOGIN" "230"   "4129295"
> "dex1.tsd.unifi.it"   "tsd.unifi.it"  "151.49.38.240" "2007-11-15 
> 09:31:26"     "xxx"   ""      "LOGIN" "230"   "4129295"
> "dex1.tsd.unifi.it"   "tsd.unifi.it"  "79.23.132.80"  "2007-11-15 
> 10:27:25"     "yyy"   ""      "LOGIN" "102"   "4626182"
> "dex1.tsd.unifi.it"   "tsd.unifi.it"  "79.23.132.80"  "2007-11-15 
> 10:33:24"     "yyy"   ""      "LOGIN" "97"    "4600841"
> "dex1.tsd.unifi.it"   "tsd.unifi.it"  "79.23.132.80"  "2007-11-15 
> 10:33:26"     "yyy"   ""      "LOGIN" "97"    "4600841"
> 
> excerpt from today's smtp log:
> 
> "tsd.unifi.it"        "tsd.unifi.it"  "151.49.38.240" "2007-11-15 09:30:54" 
> "xxx" ""      "xxx"   ""      ""      "SNDRIP=EIPMAP (zen.spamhaus.org)"      
> ""      "0"     ""
> "tsd.unifi.it"        "tsd.unifi.it"  "151.49.38.240" "2007-11-15 09:31:02" 
> "xxx" ""      "xxx"   ""      ""      "SNDRIP=EIPMAP (zen.spamhaus.org)"      
> ""      "0"     ""
> "tsd.unifi.it"        "tsd.unifi.it"  "151.49.38.240" "2007-11-15 09:31:26" 
> "xxx" ""      "xxx"   ""      ""      "SNDRIP=EIPMAP (zen.spamhaus.org)"      
> ""      "0"     ""
> "tsd.unifi.it"        "tsd.unifi.it"  "79.23.132.80"  "2007-11-15 10:33:19" 
> "yyy" ""      "yyy"   ""      ""      "SNDRIP=EIPMAP (zen.spamhaus.org)"      
> ""      "0"     ""
> "tsd.unifi.it"        "tsd.unifi.it"  "79.23.132.80"  "2007-11-15 10:33:23" 
> "yyy" ""      "yyy"   ""      ""      "SNDRIP=EIPMAP (zen.spamhaus.org)"      
> ""      "0"     ""
> "tsd.unifi.it"        "tsd.unifi.it"  "79.23.132.80"  "2007-11-15 10:33:26" 
> "yyy" ""      "yyy"   ""      ""      "SNDRIP=EIPMAP (zen.spamhaus.org)"      
> ""      "0"     ""
> 
> I'm further investigating ...

Are you sure the MUA didn't somehow change the access pattern, trying for 
example to perform a pre-emptive SMTP connection to find out if the auth 
cookie is still alive?
The first POP3/SMTP connections inside the log you reported, happens 
exactly at the same second.
Can the end user finally get in after some time, or it is always rejected?



- Davide


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

Reply via email to