Sudden Increase In Failusre Due To Pre-Greeting Traffic

I have been running the same sendmail config (FreeBSD 4.11-stable,
sendmail 8.13.8) for many months with no problem.  I am suddenly seeing
a spike in failures due to pre-greeting traffic.  Many of these are
from "legitimate" domains like earthlink and verizon mail server.
Is there something new afoot that might explain this?


-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
0
tundra (295)
2/24/2007 7:50:50 AM
comp.mail.sendmail 13473 articles. 1 followers. jfretby (35) is leader. Post Follow

8 Replies
578 Views

Similar Articles

[PageSpeed] 42

Tim Daneliuk <tundra@tundraware.com> writes:

> I have been running the same sendmail config (FreeBSD 4.11-stable,
> sendmail 8.13.8) for many months with no problem.  I am suddenly seeing
> a spike in failures due to pre-greeting traffic.  Many of these are
> from "legitimate" domains like earthlink and verizon mail server.
> Is there something new afoot that might explain this?

0) Have you tried to correlate greeting reject with CBL.abuseat.org
listings? [ when rejected and 2 hours later to give more time for listing]

1) Could you post 5-6 (fresh) names *you* consider to be legitimate?

Would be explanations worth to be checked first:
* new malvare/viral spamvare
* new release of some more popular MTA

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/ [orkut,linkedin,xing]
0
anfi2 (1425)
2/24/2007 9:08:35 AM
Tim Daneliuk wrote:
> I have been running the same sendmail config (FreeBSD 4.11-stable,
> sendmail 8.13.8) for many months with no problem.  I am suddenly seeing
> a spike in failures due to pre-greeting traffic.  Many of these are
> from "legitimate" domains like earthlink and verizon mail server.
> Is there something new afoot that might explain this?
> 
> 

I have been gathering information that suggests some of the big houses 
are not playing well with greet-pause or greylisting. So far it's just a 
suggestion, not conclusive, but the evidence is growing.

dp
0
dennispe (388)
2/24/2007 7:25:48 PM
Andrzej Adam Filip wrote:
> Tim Daneliuk <tundra@tundraware.com> writes:
> 
>> I have been running the same sendmail config (FreeBSD 4.11-stable,
>> sendmail 8.13.8) for many months with no problem.  I am suddenly seeing
>> a spike in failures due to pre-greeting traffic.  Many of these are
>> from "legitimate" domains like earthlink and verizon mail server.
>> Is there something new afoot that might explain this?
> 
> 0) Have you tried to correlate greeting reject with CBL.abuseat.org
> listings? [ when rejected and 2 hours later to give more time for listing]

I am not aware of this site.  I will investigate.
> 
> 1) Could you post 5-6 (fresh) names *you* consider to be legitimate?

Here are a few (of many):

Feb 24 00:05:45 eskimo sm-mta-in[16656]: l1O64grE016656: rejecting commands from iris.acsalaska.net [209.112.173.229] due to pre-greeting traffic
Feb 24 00:07:00 eskimo sm-mta-in[16664]: l1O65vYc016664: rejecting commands from mxpool19.ebay.com [66.135.197.25] due to pre-greeting traffic
Feb 24 02:29:41 eskimo sm-mta-in[998]: l1O8Sc2S000998: rejecting commands from outbound-sin.frontbridge.com [207.46.51.80] due to pre-greeting traffic
Feb 24 05:45:46 eskimo sm-mta-in[5454]: l1OBihpc005454: rejecting commands from mail2.fsys.co.uk [193.82.139.31] due to pre-greeting traffic

Of course, there are many more that are obviously compromised machines sitting at the
end of DSL and cable modem links and greet_pause is doing its job as expected there.

Here's one I turned greet_pause off for and now I get:

Feb 24 13:20:20 eskimo sm-mta-in[12972]: l1OJJGR7012972: sv18pub.verizon.net [206.46.252.154] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA



> Would be explanations worth to be checked first:
> * new malvare/viral spamvare
> * new release of some more popular MTA
> 


-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
0
tundra (295)
2/24/2007 7:26:22 PM
In article <64g6b4-0nc.ln1@eskimo.tundraware.com>,
 Tim Daneliuk <tundra@tundraware.com> wrote:

> Andrzej Adam Filip wrote:
> > Tim Daneliuk <tundra@tundraware.com> writes:
> > 
> >> I have been running the same sendmail config (FreeBSD 4.11-stable,
> >> sendmail 8.13.8) for many months with no problem.  I am suddenly seeing
> >> a spike in failures due to pre-greeting traffic.  Many of these are
> >> from "legitimate" domains like earthlink and verizon mail server.
> >> Is there something new afoot that might explain this?
> > 
> > 0) Have you tried to correlate greeting reject with CBL.abuseat.org
> > listings? [ when rejected and 2 hours later to give more time for listing]
> 
> I am not aware of this site.  I will investigate.
> > 
> > 1) Could you post 5-6 (fresh) names *you* consider to be legitimate?
> 
> Here are a few (of many):
> 
> Feb 24 00:05:45 eskimo sm-mta-in[16656]: l1O64grE016656: rejecting commands 
> from iris.acsalaska.net [209.112.173.229] due to pre-greeting traffic
> Feb 24 00:07:00 eskimo sm-mta-in[16664]: l1O65vYc016664: rejecting commands 
> from mxpool19.ebay.com [66.135.197.25] due to pre-greeting traffic
> Feb 24 02:29:41 eskimo sm-mta-in[998]: l1O8Sc2S000998: rejecting commands 
> from outbound-sin.frontbridge.com [207.46.51.80] due to pre-greeting traffic
> Feb 24 05:45:46 eskimo sm-mta-in[5454]: l1OBihpc005454: rejecting commands 
> from mail2.fsys.co.uk [193.82.139.31] due to pre-greeting traffic
> 
> Of course, there are many more that are obviously compromised machines 
> sitting at the
> end of DSL and cable modem links and greet_pause is doing its job as expected 
> there.
> 
> Here's one I turned greet_pause off for and now I get:
> 
> Feb 24 13:20:20 eskimo sm-mta-in[12972]: l1OJJGR7012972: sv18pub.verizon.net 
> [206.46.252.154] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

That's one of the machines that does dictionary attacks for the benefit 
of Verizon's spam detection systems, offloading their costs to every 
domain owner who ever has an address forged into mail sent to VZ users. 
Drop packets from the /24 and you'll be better off. (you won't be able 
to mail VZ addresses either, but you might find that less of a problem 
than it sounds.)


More to your point: the GreetPause detection logs sessions that are 
closed by the client before the greeting identically to fast talkers. A 
lot of sites running qmail and derivatives seem to like very short 
banner timeouts, and so will show up as fast-talkers. If your system 
overloaded and bannering slow because of load issues, you will see a lot 
of legit sites logged. Shaw and MessageLabs are other examples.

-- 
Now where did I hide that website...
0
bill123 (477)
2/25/2007 12:57:42 AM
Bill Cole wrote:
> In article <64g6b4-0nc.ln1@eskimo.tundraware.com>,
>  Tim Daneliuk <tundra@tundraware.com> wrote:
> 
>> Andrzej Adam Filip wrote:
>>> Tim Daneliuk <tundra@tundraware.com> writes:
>>>
>>>> I have been running the same sendmail config (FreeBSD 4.11-stable,
>>>> sendmail 8.13.8) for many months with no problem.  I am suddenly seeing
>>>> a spike in failures due to pre-greeting traffic.  Many of these are
>>>> from "legitimate" domains like earthlink and verizon mail server.
>>>> Is there something new afoot that might explain this?
>>> 0) Have you tried to correlate greeting reject with CBL.abuseat.org
>>> listings? [ when rejected and 2 hours later to give more time for listing]
>> I am not aware of this site.  I will investigate.
>>> 1) Could you post 5-6 (fresh) names *you* consider to be legitimate?
>> Here are a few (of many):
>>
>> Feb 24 00:05:45 eskimo sm-mta-in[16656]: l1O64grE016656: rejecting commands 
>> from iris.acsalaska.net [209.112.173.229] due to pre-greeting traffic
>> Feb 24 00:07:00 eskimo sm-mta-in[16664]: l1O65vYc016664: rejecting commands 
>> from mxpool19.ebay.com [66.135.197.25] due to pre-greeting traffic
>> Feb 24 02:29:41 eskimo sm-mta-in[998]: l1O8Sc2S000998: rejecting commands 
>> from outbound-sin.frontbridge.com [207.46.51.80] due to pre-greeting traffic
>> Feb 24 05:45:46 eskimo sm-mta-in[5454]: l1OBihpc005454: rejecting commands 
>> from mail2.fsys.co.uk [193.82.139.31] due to pre-greeting traffic
>>
>> Of course, there are many more that are obviously compromised machines 
>> sitting at the
>> end of DSL and cable modem links and greet_pause is doing its job as expected 
>> there.
>>
>> Here's one I turned greet_pause off for and now I get:
>>
>> Feb 24 13:20:20 eskimo sm-mta-in[12972]: l1OJJGR7012972: sv18pub.verizon.net 
>> [206.46.252.154] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> 
> That's one of the machines that does dictionary attacks for the benefit 
> of Verizon's spam detection systems, offloading their costs to every 
> domain owner who ever has an address forged into mail sent to VZ users. 
> Drop packets from the /24 and you'll be better off. (you won't be able 
> to mail VZ addresses either, but you might find that less of a problem 
> than it sounds.)
> 
> 
> More to your point: the GreetPause detection logs sessions that are 
> closed by the client before the greeting identically to fast talkers. A 
> lot of sites running qmail and derivatives seem to like very short 
> banner timeouts, and so will show up as fast-talkers. If your system 
> overloaded and bannering slow because of load issues, you will see a lot 
> of legit sites logged. Shaw and MessageLabs are other examples.
> 

Thanks for the insight.  I may have to disable greet_pause and depend on higher
level services for spam supression.  As much as I would like to clobber all
non-conforming external sites, users of this system expect connectivity before
spam supression (and of course, complain about the spam they do get)...

-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
0
tundra (295)
2/25/2007 7:11:16 AM
In article <sdp7b4-6vq.ln1@eskimo.tundraware.com>,
 Tim Daneliuk <tundra@tundraware.com> wrote:

> Bill Cole wrote:
[...]
> > More to your point: the GreetPause detection logs sessions that are 
> > closed by the client before the greeting identically to fast talkers. A 
> > lot of sites running qmail and derivatives seem to like very short 
> > banner timeouts, and so will show up as fast-talkers. If your system 
> > overloaded and bannering slow because of load issues, you will see a lot 
> > of legit sites logged. Shaw and MessageLabs are other examples.
> > 
> 
> Thanks for the insight.  I may have to disable greet_pause and depend on 
> higher
> level services for spam supression.  As much as I would like to clobber all
> non-conforming external sites, users of this system expect connectivity 
> before
> spam supression (and of course, complain about the spam they do get)...

Disabling GreetPause altogether is not necessary or even terribly 
useful. You can tune behavior per-site in the access map if you like, 
but in the final analysis you won't get much behavioral change from 
legit senders by disabling the GreetPause unless you have it set to 
something absurdly high (e.g. I have seen sites set it to 30 seconds, 
which is a recipe for disaster.)

-- 
Now where did I hide that website...
0
bill123 (477)
2/25/2007 5:25:06 PM
Bill Cole wrote:
> In article <sdp7b4-6vq.ln1@eskimo.tundraware.com>,
>  Tim Daneliuk <tundra@tundraware.com> wrote:
> 
>> Bill Cole wrote:
> [...]
>>> More to your point: the GreetPause detection logs sessions that are 
>>> closed by the client before the greeting identically to fast talkers. A 
>>> lot of sites running qmail and derivatives seem to like very short 
>>> banner timeouts, and so will show up as fast-talkers. If your system 
>>> overloaded and bannering slow because of load issues, you will see a lot 
>>> of legit sites logged. Shaw and MessageLabs are other examples.
>>>
>> Thanks for the insight.  I may have to disable greet_pause and depend on 
>> higher
>> level services for spam supression.  As much as I would like to clobber all
>> non-conforming external sites, users of this system expect connectivity 
>> before
>> spam supression (and of course, complain about the spam they do get)...
> 
> Disabling GreetPause altogether is not necessary or even terribly 
> useful. You can tune behavior per-site in the access map if you like, 
> but in the final analysis you won't get much behavioral change from 
> legit senders by disabling the GreetPause unless you have it set to 
> something absurdly high (e.g. I have seen sites set it to 30 seconds, 
> which is a recipe for disaster.)
> 

Maybe I don't understand the feature well then.  My understanding is that
if GreetPause is enabled and triggered by a particular site, that mail
transaction is discarded.  If I disable it (on a per-site or global basis)
then sites "behaving badly" will at least be able to attempt the mail
delivery.  I have already done this on a per-site basis for the ones I know
about, but as the number of MTAs doing this rises it becomes impossible to
administer it manually.  At some point, it's just easier to let 'em all
babble away and use some higher-level service like SpamAssassin to clobber
the bad guys.  If GreetPause were only being triggered by badly configured
or compromised machines this would be a non-issue, but the fact that
legitimate mail hosts are doing this makes it kind of a pain.

-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
0
tundra (295)
2/25/2007 6:13:23 PM
In article <b709b4-fs51.ln1@eskimo.tundraware.com>,
 Tim Daneliuk <tundra@tundraware.com> wrote:

> Bill Cole wrote:
> > In article <sdp7b4-6vq.ln1@eskimo.tundraware.com>,
> >  Tim Daneliuk <tundra@tundraware.com> wrote:
> > 
> >> Bill Cole wrote:
> > [...]
> >>> More to your point: the GreetPause detection logs sessions that are 
> >>> closed by the client before the greeting identically to fast talkers. A 
> >>> lot of sites running qmail and derivatives seem to like very short 
> >>> banner timeouts, and so will show up as fast-talkers. If your system 
> >>> overloaded and bannering slow because of load issues, you will see a lot 
> >>> of legit sites logged. Shaw and MessageLabs are other examples.
> >>>
> >> Thanks for the insight.  I may have to disable greet_pause and depend on 
> >> higher
> >> level services for spam supression.  As much as I would like to clobber all
> >> non-conforming external sites, users of this system expect connectivity 
> >> before
> >> spam supression (and of course, complain about the spam they do get)...
> > 
> > Disabling GreetPause altogether is not necessary or even terribly 
> > useful. You can tune behavior per-site in the access map if you like, 
> > but in the final analysis you won't get much behavioral change from 
> > legit senders by disabling the GreetPause unless you have it set to 
> > something absurdly high (e.g. I have seen sites set it to 30 seconds, 
> > which is a recipe for disaster.)
> > 
> 
> Maybe I don't understand the feature well then.  My understanding is that
> if GreetPause is enabled and triggered by a particular site, that mail
> transaction is discarded.  

Yes, but the sites that you see logged as triggering it may only be 
doing so by saying "QUIT" or even just sending a TCP close packet 
because you are too slow in responding. As you noted, disabling it for 
one host got you this:

>> Feb 24 13:20:20 eskimo sm-mta-in[12972]: l1OJJGR7012972: 
sv18pub.verizon.net 
>> [206.46.252.154] did not issue MAIL/EXPN/VRFY/ETRN during connection 
to MTA

That means they dropped the connection without doing anything. 
Legitimate MTA's don't actually try to push the SMTP session before the 
banner, but they do sometimes display impatience and simply go away. 
Slow response from sendmail is not only the result of the GreetPause 
feature, and it should take other factors to make make response so slow 
as to have a large number of sites time out. 

> If I disable it (on a per-site or global basis)
> then sites "behaving badly" will at least be able to attempt the mail
> delivery.  I have already done this on a per-site basis for the ones I know
> about, but as the number of MTAs doing this rises it becomes impossible to
> administer it manually. 

For those that continue to do as the cited Verizon host did, you are not 
going to be getting any improvement from selective or total removal of 
GreetPause. 

I've been through this process and found that the hosts that triggered a 
5-second GreetPause showed no improvement or only  marginal improvement 
when exempted. I only got significant improvement from eliminating other 
things that caused Sendmail to respond slowly (notably the DelayLA 
setting, but also eliminating other loads on the host.) 

> At some point, it's just easier to let 'em all
> babble away and use some higher-level service like SpamAssassin to clobber
> the bad guys.  

That very much depends on your available CPU and memory. SA is much more 
demanding than 

> If GreetPause were only being triggered by badly configured
> or compromised machines this would be a non-issue, but the fact that
> legitimate mail hosts are doing this makes it kind of a pain.

They *are* badly configured, unless you've made a huge mistake with 
GreetPause or other Sendmail load tuning that is causing very long 
delays. RFC821 and RFC2821 specify minimum timeouts, and as far as I've 
been able to see, the legit sites that have problems are all more 
impatient than the standard says they should be. 

How tolerable degraded service with misconfigured but generally 
legitimate sites is in your particular circumstance is something only 
you can decide, but dropping the greeting pause is not likely to affect 
the degradation in any major way.

-- 
Now where did I hide that website...
0
bill123 (477)
2/25/2007 7:41:39 PM
Reply:

Similar Artilces:

pre-greeting traffic
I use Sendmail 8.13.1 Suse 9.2 This is my suse-linux.m4 --------------------------------------------------------start divert(-1) # # Copyright (c) 1999,2000 SuSE GmbH Nuernberg, Germany. # Author: Werner Fink <werner@suse.de> # divert(0) VERSIONID(`@(#) suse-linux.m4 8.12.3-0.6 (SuSE Linux) 2003/04/15') define(`confCF_VERSION', `SuSE Linux 0.7')dnl dnl dnl Flags dnl define(`confDEF_USER_ID', `daemon:daemon')dnl define(`confCOPY_ERRORS_TO', `Postmaster')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confMAX_MIME_HEADER_LENGTH', `256/128')dnl define(`confMAX_HEADERS_LENGTH', `32768')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confMAX_DAEMON_CHILDREN', `15')dnl define(`confTO_ICONNECT', `30s')dnl dnl Many sysadmins have disabled IDENT define(`confTO_IDENT', `0s')dnl dnl Should we set noreceipts aka disable DSN? define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,novrfy,noexpn,noverb')dnl define(`confTRUSTED_USERS', `mdom vscan wwwrun root uucp daemon mail')dnl define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl dnl Note: RFC1891 says that, but often misused dnl define(`confRRT_IMPLIES_DSN', `True')dnl FEATURE(`always_add_domain')dnl dnl dnl Mailer dnl ...

sendmail suddenly quit delivering the mail
Hi, Hopefully this is a simple problem but searching google has not found a good solution. Mail sent from FC6 system is not being delivered. It was working fine and then stopped 5 days ago. Running mailq I see the mail messages in the queue. E.g.: l0JCRCxq014675 7623 Fri Jan 19 05:31 MAILER-DAEMON (host map: lookup (adomain.ca): deferred) charles@adomain.ca If I run '/usr/sbin/sendmail -v -q Il0' it delivers all the messages just fine. Pinging adomain.ca and doing an nslookup on it resolves the domain just fine. Here is the output from 'sendmail -d0.1': Version 8.13.8 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = localhost (canonical domain name) $j = localhost.localdomain (subdomain name) $m = localdomain (node name) $k = bloomsbury Any ideas what the problem could be? charlie In article <1169229519.865013.37300@11g2000cwr.googlegroups.com> "Charlie" <ctuckey@gmail.com> writes: > >Mail sent from FC6 system is not being delivered. It was working fine >and then stopped 5 days ago. > >Running mailq I see the mail messa...

Sending mail without sendmail or highly secure sendmail
Hello all, I am setting up a very secure Red Hat Enterprise Linux Advanced Server version 4 update 6 server. My sendmail version is 8.13.1. My mail server is a Windows 2003 Server with Exchange 2003 with its patches. They are both on the same subnet. DNS is on and it will resolve the mail server's name and IP. SSH, SCP, SFTP, and such tools are the only networkable protocols on. NFS if off, MOUNTD is off, PORTMAP is off, and such. Until just recently sendmail was off on the RHEL server as part of the hardening procedure. However part of the auditing requirements is for a mail message to go out to some admin if certain events occur such as "disk is full," "a panic occurred," "the system rebooted" etc. So I will perhaps cut sendmail on and mitigate the risk as best as possible. So, this sounds dumb, but can you send mail without sendmail. I think perhaps no, but I thought I'd ask anyway. Secondly does anyone have a harden .mc file from which they could share what they did? Of course you can fudge in phoney IP and names to protect your secured environment. Advice or insight do any of you have on securing sendmail is appreciated? I want to avoid such things as promiscuous relays, unqualified senders, etc etc. But if it must be ... it must be. :) Thanks George <george.e.sullivan@saic.com> wrote: > I am setting up a very secure Red Hat Enterprise Linux Advanced Server > version 4 update 6 server. My sendmai...

Suddenly cannot send mail through mail.app via gmail
I have been set up with gmail.com and using mail.app to access it when I am at my home computer. When I moved from Tiger to Leopard, I noticed that posting, as measured by the rotating symbol duration, increased in time by maybe three times as much, but it still worked. I was able to send until about 10 am today, and then it stopped. Had to do my mail through Safari, which I hate. I updated from 10.5.3 to 10.5.4 at about 1 pm, but the problem started well before then and it didn't help. The inbox is working fine and my dsl seems to be working as well as it ever does. I have not messe...

how to force sendmail to forward mails to another mail server?
Hi all, Currently we have 2 machines for mail (a smtp server and a pop server) Currently, sendmail accepts and sends out mail for our domain. We'd like sendmail to just send out mails but when it receives mails, it should forward it to our pop server. should we use mailertable for this or some other method? thanks for any info ike lozada schrieb: > Hi all, > > Currently we have 2 machines for mail (a smtp server and a pop server) > Currently, sendmail accepts and sends out mail for our domain. We'd > like sendmail to just send out mails but when it receives mails, ...

Sendmail Greeting
Hello All, When I checked my domain with www.dnsreport, I got a warning that said: ================================ WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record. mail.techsys.net claims to be invalid hostname 'localhost': 220 localhost ESMTP SMTPProxy ================================ So, My question is, How do I make sendmail use "mail.techsys.net" instead of "localhost" ? Thanks Sabah On Thu, 29 Jun 2006 14:24:08 +0200 Sabah wrote: > So, My question is, How do I make sendmail use "mail.techsys.net" instead of > "localhost" ? > Sabah Set your hostname inside the OS correctly. How to do so differs between the OSs / distributions. Alexander -- Alexander Dalloz | L�hne, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 15:28:16 up 2 days, 1:50, load average: 0.18, 0.14, 0.04 Dear Alex...

Mail::Sendmail
perl doesn't like my return address. Does anyone know why? error message as follows-------------------- [rudi@tsuse rudi]$ perl mail_test.pl [rudi@tsuse rudi]$ Bad or missing From address: '' text of program follows---------------------- [rudi@tsuse rudi]$ vi mail_test.pl 1 #!/usr/bin/perl; 2 use Mail::Sendmail; 3 4 %mail = { To => "ccc31807\@yahoo.com", 5 From => "cartercc\@gmail.com", 6 Subject => 'Test of sendmail', 7 Message => "This is a test of sendmail"}; 8 9...

[ANNOUNCE] wxAda (pre-pre-pre-pre-release)
Hi, Just thought I'd post a little note about the status of the project. I have uploaded the source to Tigris. This is not complete and I have stalled. I have recently stumbled across major blocks which I need help with. Or if somebody wants to take over leading development, I have no problem with that; my future with wxAda isn't too clear to me at the moment. The source isn't in the best way, but it does build with wxWidgets 2.6.3 and does provide some functionality. Please feel free to look over the project and see what can be done. Thanks, Luke. I forgot in the rush, the URL is: http://wxada.tigris.org Luke. Tried to compile it with GNAT and Ada 2005 and run into some problems how do yoy want feedback /Regards /Per Lucretia wrote: > I forgot in the rush, the URL is: http://wxada.tigris.org > > Luke. > Per Sandberg wrote: > Tried to compile it with GNAT and Ada 2005 and run into some problems > how do yoy want feedback It's not an Ada 2005 project so make sure it's in Ada95 by default - GCC-4.1.1 is and this definitely works, as does GNAT-3.15p. There is a discussion forum here: http://wxada.tigris.org/servlets/ProjectForumView Luke. ...

How do I configure Sendmail to reject all mail to domains not in /etc/mail/access file?
Hi. I've got a serious spam problem on one my server which is running Sendmail 8.13.1. I've been struggling with iptables, although efficient but not manageable in the long run. The problem really is bad scripts made by users on their webpages, but it is impossible for me to debug these. So this is why I'm looking for information on how to block all @domain.tld's while maintaining the ability to send mail to certain specified domains in the /etc/mail/access file. Thus far, I've also been adding domain.tld in local-host-names and relaying all @domain.tld to a local alias which is redirected to /dev/null. This solution is also unmanageable in the long run. Therefore I turn to you for guidance and information on how to find a solution for the spam problem on my server. Feedback and tips will be greatly appreciated :) Thx, /Timo_S On Fri, 11 Aug 2006 19:03:08 +0300 Timo_S wrote: > I've got a serious spam problem on one my server which is running > Sendmail 8.13.1. I've been struggling with iptables, although efficient > but not manageable in the long run. > > The problem really is bad scripts made by users on their webpages, but > it is impossible for me to debug these. So this is why I'm looking for > information on how to block all @domain.tld's while maintaining the > ability to send mail to certain specified domains in the > /etc/mail/access file. What do these "bad scripts" do...

Re: Delivery Protection ScanMail has blocked your mail due to a mail policy.
info@netia.pl Wiadomosc nie zosta�a dostarczona do odbiorcy poniewaz zawierala tre�ci niedozwolone przez zasady uzytkowania poczty elektronicznej w Netia S. A. Wiadomosc zostala wyslana automatycznie przez system ochrony antywirusowej. Prosimy nie odpowiadac na ta wiadomosc. Scanned by ScanMail for Lotus Notes 2.6 SP1 with scanengine 7.500-1001 and pattern version 2.379.00 ...

problem with sendmail, not sending mails to some mail servers like yahoo except gmail
hi this is sasidhar, we have CentOS5 with default sendmail configuration. Initially it is sending mails to gmail, yahoo etc. last few days it is not sending mails to yahoo. In maillog I observed that for yahoo mails the stat value is deferred. I tried everything by browsing google but I didn't find any solution to this problem. Finally I came here with lots of hope. In mail queue there are more than 1 lack, most of them yahoo, rediff etc. For gmail it is not giving any problem every mail is going. please give any suggestions to solve this problem. Thanks, sasidhar. On 11/5/2009 11:36 PM, sasidhar prabhakar wrote: > hi this is sasidhar, > > we have CentOS5 with default sendmail configuration. > Initially it is sending mails to gmail, yahoo etc. last few days it is > not sending mails to yahoo. > In maillog I observed that for yahoo mails the stat value is deferred. > I tried everything by browsing google but I didn't find any solution > to this problem. > Finally I came here with lots of hope. > > In mail queue there are more than 1 lack, most of them yahoo, rediff > etc. For gmail it is not giving any problem every mail is going. > > please give any suggestions to solve this problem. > > Thanks, > sasidhar. > > > Deferred is generally not a problem. As your queue runs (usually, once an hour), it will try again (and again, as necessary). You can force sendmail to run the queue by running it wi...

Switch off the "Mail delivery failed: returning message to sender" mail from sendmail ?
Hello ! Now i have here a little freebsd 6.3 server. This server receive and send my lokal and worldwide emails. When this server receive a mail with unqualified local user sendmail automatic generate the mail that says "Mail delivery failed: returning message to sender". Somewhere spam known now that this mail adress has a reciving server and can probe other names before @ ? My ideas now is the feature switched off and no generate this ugly mail ? The mail with unqualified username can delete now ? Can somwhere help me to find the right option in my *.mc sendmail configuration file ? Thanxs 4 ever !!! ....Jaro ------------------------------------------------------ #!/usr/bin/perl foreach $c (split(/ /,"4a 61 72 6f 6d 96 72 20 50 72 69 6e 7a 6c 65 72")) { print pack("C", hex($c)); } Hello, Take a look on PrivacyOptions=noactualrecipient ...

newbie question: sendmail doesn't send mail to external mail account.
Hi there, It seems send mail doesn't send mail to external mail account in my FreeBSD 4.8 BOX. However, I'm able to receive mail from external mail, such as yahoo, hotmail account. My config is: FreeBSD 4.8 ISP: bell Sympatico high speed with dynamic IP address. SMTP port is enabled on the router/firewall. Can anyone help? bluesnow#mail -v calvin2k_cn@yahoo.com Subject: This is a test. Do you hear me? EOT calvin2k_cn@yahoo.com... Connecting to [127.0.0.1] via relay... 220 bluesnow.gotdns.com ESMTP Sendmail 8.12.8p1/8.12.8; Thu, 26 Jun 2003 17:14:51 -0400 (EDT) >>> EHLO bluesnow.gotdns.com 250-bluesnow.gotdns.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP >>> MAIL From:<cguan@bluesnow.gotdns.com> SIZE=68 250 2.1.0 <cguan@bluesnow.gotdns.com>... Sender ok >>> RCPT To:<calvin2k_cn@yahoo.com> >>> DATA 250 2.1.5 <calvin2k_cn@yahoo.com>... Recipient ok 354 Enter mail, end with "." on a line by itself >>> . 250 2.0.0 h5QLEpDJ006984 Message accepted for delivery calvin2k_cn@yahoo.com... Sent (h5QLEpDJ006984 Message accepted for delivery) Closing connection to [127.0.0.1] >>> QUIT 221 2.0.0 bluesnow.gotdns.com closing connection bluesnow# sendmail -bp /var/spool/mqueue (2 requests) -----Q-ID----- --Size-- -----Q-Time----...

Sendmail authentificates, client cann still send mails with fake "Mail From:" tag
hello, i've just finished my first AUTH sendmail configuration, client cann authentificate himself via LOGIN/PLAIN with TLS. I've noticed though that sendmail doesn't pose any restraints regarding the mail from: tag. lets say my domain is test.de, my loginname ist alex now i cand send mails from arbitrary name@ test.de...actually from arbitrary name @ arbitrary domain :) Am i missing something here ? what i would like is: user authentificates -> he is allowed to send mail only with the prior stipulated address (his address) Thanks! Regards, Alex alexThor wrote: > hello, > > i've just finished my first AUTH sendmail configuration, client cann > authentificate himself via LOGIN/PLAIN with TLS. I've noticed though > that sendmail doesn't pose any restraints regarding the mail from: tag. > lets say my domain is test.de, my loginname ist alex > now i cand send mails from arbitrary name@ test.de...actually from > arbitrary name @ arbitrary domain :) > > Am i missing something here ? > > what i would like is: user authentificates -> he is allowed to send > mail only with the prior stipulated address (his address) > Thanks! > > Regards, > Alex http://www.jmaimon.com/sendmail http://www.jmaimon.com/sendmail/#rewritesender http://www.jmaimon.com/sendmail/patches/rewrite_sender.tar.gz This should do exactly what you want. jmaimon@ttec.com wrote: > > http://www.jmaimon.com/sendmail > ht...

Sendmail 8.14.3 not sendmail hugely attached e-mail files in a timely manner
What could be the problem. They seem stuck and I have to run sendmail -v -q manually just to get them to propogate. Any reason why? -- Member - Liberal International This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! If you cannot lead a family how can you pastor a church? The Doctor unleashed the infinite monkeys on 21/05/2009 00:07 producing: > What could be the problem. > > They seem stuck and I have to run sendmail -v -q manually just > to get them to propogate. > > Any reason why? With so little information, it's impossible to help you. How do you define "huge"? How long do you wait? What's in your mail logs? -- Rob MacGregor (BOFH) Rule 37: "There is no 'overkill'. There is only 'open fire' and 'I need to reload.'" ...

mail::sendmail (SOMETIMES) get "bad file descriptor" error when mail not local
I have a leased Linux box that I installed mail::Sendmail on using CPAN I'm using a perl script to send mail. I have a domain on that server and I get my personel email at that address. The script works fine when I am using my own email address as the recipient, but when I try to send to any other domain I get, for example, "sendmail failure sending to somebody@otherdomain.org Bad file descriptor" I don't have this problem with by Linux box at home and I thought I configured it the same way. (I just let CPAN do it's thing) I noticed that there is a soft link to qmail on the remote server, but it was my understanding that mail::Sendmail is independant of other mail programs. Is there some configuration file I can change to solve this problem? Anyone have any ideas? Thanks, Dave Dave Roberts wrote: > I have a leased Linux box that I installed mail::Sendmail on using > CPAN > > I'm using a perl script to send mail. I have a domain on that server > and I get my personel email at that address. > > The script works fine when I am using my own email address as the > recipient, but when I try to send to any other domain I get, for > example, > > "sendmail failure sending to somebody@otherdomain.org Bad file > descriptor" > > > I don't have this problem with by Linux box at home and I thought I > configured it the same way. (I just let CPAN do it's thing) > > I not...

"Microsoft ESMTP MAIL Service" misleading the Sendmail by BODY=7BIT in "mail from"
Hello. I ran into a situation where the Sendmail deceived by the Microsoft ESMTP MAIL Service. MS ESMTP Service send to Sendmail MAIL FROM:<system@gosuslugi.ru> SIZE=12345 AUTH=<> BODY=7BIT but message is not 7BIT. It contain MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--2f2da5fd4e757bb09dce3cc4fd3fda88" Content-Transfer-Encoding: 7bit in header, but ----59b9b79d39a2fcdcd7600d2d20592b5a Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 8bit in some parts and real text in utf8. Sendmail loses one bit. :-( A second big problem - a huge E-Mail providers such as GMail or Mail.ru ignore the "BODY=7BIT" and messages accepted propertly. I find it difficult to prove that the problem should be resolved by the message sender or the postmaster of "Microsoft ESMTP MAIL Service". Any idea ? -- Regards, Sergey. On 02/18/11 07:42, Sergey wrote: > I ran into a situation where the Sendmail deceived by the Microsoft > ESMTP MAIL Service. MS ESMTP Service send to Sendmail I think that's better worded as Microsoft ESMTP MAIL Service is lying about being 7-bit. > MAIL FROM:<system@gosuslugi.ru> SIZE=12345 AUTH=<> BODY=7BIT > > but message is not 7BIT. It contain > > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="--2f2da5fd4e757bb09dce3cc4fd3fda88" > Content-Transfer-Encoding: 7bit > ...

sendmail sendmail[12024]: [ID 801593 mail.crit] k560CUvG012024: SYSERR(root): collect: read timeout on connection from ???????, ???????
Does anyone else get this error messages. What does this mean?? What can I do to fix this? sendmail sendmail[12024]: [ID 801593 mail.crit] k560CUvG012024: SYSERR(root): collect: read timeout on connection from ??????, ???? OS Solaris 10 Sendmail 8.13.6 Thanks Jeff spellman.jeff@gmail.com wrote: > Does anyone else get this error messages. What does this mean?? > What can I do to fix this? > sendmail sendmail[12024]: [ID 801593 mail.crit] k560CUvG012024: > SYSERR(root): collect: read timeout on connection from ??????, ???? > > OS Solaris 10 > Sendmail 8.13.6 > > Thanks > Jeff > The sender didn't complete a particular phase of the smtp protocol. Possibly completed the helo xxxxx.xxx but not the mail from:, or neither. Basically it means they hung up on you. Telnet to your mailer and experiment with incomplete stanzas, begining with helo..., mail from:..., rcpt to:..., data... and drop the connection before completing each stanza. Bonus points for using log level 15 or greater. dp ...

How do I delete mail from mail file /var/mail/su after reading mails
I used to receive data in mail from users. I used to read those data and load that into a ORACLE table. However I am not able to delete those mails after reading and loading it. Currently I delete them manually when the mail file grow very big Is there a way we can delete these mails after we read it using shell script ? ...

duplicate mails in sendmail
Our mainserver is down and all mails are now queing in the MX-backup-machine. It now would be nice to alter sendmail on the MX-backup so it would temporary deliver all the mails to a local mailbox but still try to send all the mails to the mainserver if it comes up again. I know this could be more or less easy done with some external mailers like procmail, but I'd like to know if this can be done inside sendmail. thnx, peter -- peter pilsl pilsl_usenet@goldfisch.at http://www.goldfisch.at In article <3f544d70$1@e-post.inode.at> peter pilsl <pilsl_usenet@goldfisch.at&g...

sendmail for only sending mail
hello, i want to be able to use sendmail to just send mail from a pipe... nothing more than that (meaning, no need for handling queue, etc.) so far, any linux i logged in to could do this by doing: # /usr/sbin/sendmail address@domain.com .... Type in message using headers etc .. and that's it, the message would be sent. however, in my fresh fedora installation, i cannot make sendmail terminate... it accepts input from std input, but "." does not send the message nor does ^D, nothing. i can't find in sendmail.cf a mention of "termination symbol". any ideas? (i thought it might be related to some terminate symbol, so i tried: /usr/sbin/sendmail -t -messagefile=msg.txt which should send message from a file, but still, i get std input waiting for input, and unable to terminate except for ^C.) i am using the fedora distribution by the way. thanks. In article <4100396a-486b-4d25-b2e7-8fcb753a8c63@r15g2000prh.googlegroups.com> jack.monflower@gmail.com writes: >hello, >i want to be able to use sendmail to just send mail from a pipe... >nothing more than that (meaning, no need for handling queue, etc.) >so far, any linux i logged in to could do this by doing: > ># /usr/sbin/sendmail address@domain.com >... Type in message using headers etc >. > >and that's it, the message would be sent. >however, in my fresh fedora installation, i cannot make sendmail >terminate... it accepts input from std input, but "...

Sendmail Deferring mail.
Hi All, I have an issue with sendmail deferring mail when sending, mail is just getting dumped in the mail queue and going no-where.. I'm getting the following error: May 8 21:40:43 wamzl100 sendmail[5723]: p491ehbX005723: from=<root@wamzl100.xxx.com>, size=321, class=0, nrcpts=1, msgid=<201105090140.p491edDd005720@wamzl100.xxx.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] May 8 21:40:43 wamzl100 sendmail[5720]: p491edDd005720: to=xxx@xxx.com.au, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=30010, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (p491ehbX005723 Message accepted for delivery) May 8 21:40:43 wamzl100 sendmail[5725]: p491ehbX005723: to=<xxx@xxx.com.au>, ctladdr=<root@wamzl100.xxx.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120321, relay=xxx.com.au.s9b2.psmtp.com. [74.125.148.14], dsn=4.0.0, stat=Deferred: Invalid argument I have set the verbosity to 20, rather than the default of 9, and i'm still getting no more info in my logs... David Nedved <david.nedved@flightcentre.com.au> wrote in <5ac9476d-1d5b-4dc4-96cc-96a1081a9ba6@b7g2000prg.googlegroups.com>: > Hi All, > I have an issue with sendmail deferring mail when sending, mail is > just getting dumped in the mail queue and going no-where.. > > I'm getting the following error: > > May 8 21:40:43 wamzl100 sendmail[5723]: p491ehbX005723: > from=<root@wamzl100.x...

Sendmail mail redirection
I am using sendmail running on an HP Intel based server loaded with Red Hat 7.2. My delima is that I was tasked with trying to capture email coming from a specific "external" email address and redirect it to a specific "internal" email address rather than the original recipient; it would be nice to potentially have it go to both the originally intended as well as the additional "mailbox". Any help in resolving this is greatly appreciated. ...

Mailing list with Sendmail ?
Hi, Is there a way, with Sendmail, to retrieve all email addressed received into a TXT file for instance ? That could help me for using this, for mailing list.... how to configure it ? Thanks On Mar 23, 9:06 am, Steve <st...@everybody.com> wrote: > Hi, > > Is there a way, with Sendmail, to retrieve all email addressed received > into a TXT file for instance ? > > That could help me for using this, for mailing list.... > > how to configure it ? > > Thanks check out http://www.klake.org/sma/ ...

Web resources about - Sudden Increase In Failusre Due To Pre-Greeting Traffic - comp.mail.sendmail

Resources last updated: 3/25/2016 5:14:17 AM