Re: Access DB question

* Bill Cole wrote:
In article <fa2nca$68u$1@xxxxxxxxxxxxxxxxxxxx>,
NPG <nathan@xxxxxxxxxxxxxxxx> wrote:

* Bill Cole wrote:
In article <f9vpnr$nj6$1@xxxxxxxxxxxxxxxxxxxx>,
NPG <nathan@xxxxxxxxxxxxxxxx> wrote:

* Andrzej Adam Filip wrote:
NPG <nathan@xxxxxxxxxxxxxxxx> writes:

* Andrzej Adam Filip wrote:
NPG <nathan@xxxxxxxxxxxxxxxx> writes:

I have a strange one this morning.

We received an email, to a valid user, from a domain say ( example.net
)
which we thought was blacked by our access DB.

our access.db says

example.net 550 example.net denied
To:validuser@xxxxxxxxxxxxx OK
To:.ourdomain.com REJECT
To:ourdomain.com REJECT

our .mc file says

FEATURE(`access_db')dnl Host Access DB
FEATURE(`lookupdotdomain')dnl Generalize host lookup in access.db
FEATURE(`blacklist_recipients')dnl Block recipients in Access DB
dnl FEATURE(`delay_checks')dnl Delay Checks disabled

How did it get through?
Was it supposed to be blocked based on envelope sender or sending host?
Both

Bat Book 2nd Ed. p. 316 3rd paragraph seems to indicate that doing it
like this would block both the envelope sender and connecting hosts from
example.net.

example.net 550 example.net denied

We block connections from example.net at our border. The message was
passed to our primary MX from the backup MX which we have no control
over. So in this case I don't think connection blocking is the issue.

blocking based on sending host => there may be "not closed" loop of
PTR-A dns records.
Could you post the real access db entry and real log file entries?
[ from= and to= lines ]

No as this list is trolled by spammers.
The access db was posted with only user and host names changed to
protect the guilty.

I'll do the same for the log entries.

Aug 14 18:03:43 gw1 sendmail[3491]: l7EM3VGA003491:
from=<SRS0=f0VA=NL=example.net
=other.person@xxxxxxxxxxx>, size=2677, class=0, nrcpts=1,
msgid=<9d6a1ae6070814
1503q4b9a8e1l4ab61e9bc855131f@xxxxxxxxxxxxxxxx>, proto=ESMTP,
daemon=MTA, relay=backup-mx.bmx.net [IP.IP.IP.IP]
Aug 14 18:03:52 gw1 sendmail[3529]: l7EM3VGA003491:
to=<validuser@xxxxxxxxxxxxx>, delay=00:00:15, xdelay=00:00:02,
mailer=relay, pri=122677, relay=host.ourdomain.com. [IP.IP.IP.IP],
dsn=2.0.0, stat=Sent (l7EM3o0x004244 Message accepted for delivery)
Neither the envelope sender or the client hostname is in the example.net
domain.

I wondered if that was going to be the case as I was posting this last
night. Since it came through our backup MX connection blocking doesn't
apply.

My mail reader shows it as
From: "Other Person" <other.person@xxxxxxxxxxx>

A From header is not necessarily related to the envelope sender or the
client hostname. Sendmail itself does not normally filter based on From
headers.
Now that you mention it, ... DOH!!!

The message headers show it as coming from example.net to my backup MX
then to my primary MX.

What is going on with that envelope sender and all those = signs?
Oh SRS ?!

Run away from that MX operator fast.

Even if one thinks SRS is a potentially good idea, applying it to mail
that is only being relayed (not forwarded) is WRONG. Why anyone would
come up with the idea of doing that is hard to imagine without positing
malice or deep incompetence.

I'll vote for deep incompetence.

I have never encountered it before, but under the circumstances my
opinion of it just plummeted.

The root problem is having the backup MX that you do not control. That
was sometimes a useful practice in the days when connectivity problems
were chronic and widespread. It is a virtually useless practice today,
and using a backup MX that has the administrative wisdom issues you are
seeing cannot be a positive thing.

I'll agree there.
Do you know where we can find a good backup MX?
.

Relevant Pages

  • Re: Access DB question
    ... We received an email, to a valid user, from a domain say (example.net ... Was it supposed to be blocked based on envelope sender or sending host? ... So in this case I don't think connection blocking is the issue. ... Since it came through our backup MX connection blocking doesn't ...
    (comp.mail.sendmail)
  • Re: Access DB question
    ... We received an email, to a valid user, from a domain say ... Was it supposed to be blocked based on envelope sender or sending host? ... So in this case I don't think connection blocking is the issue. ... Since it came through our backup MX connection blocking doesn't ...
    (comp.mail.sendmail)
  • Re: MSKB 891957, VSS Update for Windows Server 2003
    ... I left the connection sit idle and checked back in an hour. ... server and browsed around for a few minutes. ... it would seem that there is still some issue with the V6 RDP ... I left the server with user Backup logged in when I left the ...
    (microsoft.public.windows.server.general)
  • Re: Backup Question
    ... If it is possible to backup the ... the net connection using a DSL Router ... but by error I altered the connection settings to include DHCP ... connect using a static IP & using the DNS Servers that the ISP ...
    (alt.os.linux.suse)
  • Re: whats the best virus protection
    ... > not your system and your downloads are malware free before backup. ... once you connect to storage device while the PC is Internet ... Anyways it only takes a few moments to unconnect the Inet connection ...
    (alt.comp.anti-virus)