Problem with smtpd_delay_reject and reject_unlisted_sender

Julian Cowley
Hello,

Several months ago I discovered a problem with reject_unlisted_sender
allowing through some mail that should have been blocked.  I finally
found the incentive to track it down and create a simple test case
for it.

The apparent problem is that reject_unlisted_sender in
smtpd_recipient_restrictions doesn't work correctly when
smtpd_delay_reject is set to no.  If the sender address would be
blocked by reject_unlisted_sender, the first RCPT TO blocks the
invalid sender address as expected, but any RCPT TO sent afterward
is accepted with a 250 OK.

Here are two raw SMTP transcripts that show the problem (nothing has
been changed here).  In the following, [hidden email]
is not a valid address, and [hidden email] is valid (it is
listed in local_recipient_maps).

     $ postconf mail_version
     mail_version = 2.5.5

     $ postconf myhostname
     myhostname = babingka.lava.net

The first is with smtpd_delay_reject set to yes (the default), and
everything works correctly.

     $ postconf -n
     config_directory = /etc/postfix
     smtpd_delay_reject = yes
     smtpd_recipient_restrictions = reject_unauth_destination,
         reject_unlisted_sender

     --> 220 babingka.lava.net ESMTP Postfix
     <-- EHLO primo.lava.net
     --> 250-babingka.lava.net
     --> 250-PIPELINING
     --> 250-SIZE 10240000
     --> 250-VRFY
     --> 250-ETRN
     --> 250-ENHANCEDSTATUSCODES
     --> 250-8BITMIME
     --> 250 DSN
     <-- MAIL FROM:<[hidden email]>
     --> 250 2.1.0 Ok
     <-- RCPT TO:<[hidden email]>
     --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
     <-- RCPT TO:<[hidden email]>
     --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
     <-- RCPT TO:<[hidden email]>
     --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
     <-- RCPT TO:<[hidden email]>
     --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
     <-- QUIT
     --> 221 2.0.0 Bye

Now with smtpd_delay_reject set to no.  Notice the first address is
blocked, but all recipients after that get accepted.

     $ postconf -n
     config_directory = /etc/postfix
     smtpd_delay_reject = no
     smtpd_recipient_restrictions = reject_unauth_destination,
         reject_unlisted_sender

     --> 220 babingka.lava.net ESMTP Postfix
     <-- EHLO primo.lava.net
     --> 250-babingka.lava.net
     --> 250-PIPELINING
     --> 250-SIZE 10240000
     --> 250-VRFY
     --> 250-ETRN
     --> 250-ENHANCEDSTATUSCODES
     --> 250-8BITMIME
     --> 250 DSN
     <-- MAIL FROM:<[hidden email]>
     --> 250 2.1.0 Ok
     <-- RCPT TO:<[hidden email]>
     --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
     <-- RCPT TO:<[hidden email]>
     --> 250 2.1.5 Ok
     <-- RCPT TO:<[hidden email]>
     --> 250 2.1.5 Ok
     <-- RCPT TO:<[hidden email]>
     --> 250 2.1.5 Ok
     <-- QUIT
     --> 221 2.0.0 Bye

Re: Problem with smtpd_delay_reject and reject_unlisted_sender

Wietse Venema
Julian Cowley:
> Hello,
>
> Several months ago I discovered a problem with reject_unlisted_sender
> allowing through some mail that should have been blocked.  I finally
> found the incentive to track it down and create a simple test case
> for it.

Good catch.  Unfortunately, a quick check shows that
(smtpd_)reject_unlisted_recipient is broken in more ways, and
I have several serious deadlines in the remainder of this month.

Workarounds are easy (don't set state->sender_rcptmap_checked=1)
but that can result in unnecessary table lookups.

So I recommend that you use reject_unlisted_sender inside
smtpd_sender_restrictions until I get around to it later this year.
This is subtle code and I will not have time to review solutions
from other people.

        Wietse

> The apparent problem is that reject_unlisted_sender in
> smtpd_recipient_restrictions doesn't work correctly when
> smtpd_delay_reject is set to no.  If the sender address would be
> blocked by reject_unlisted_sender, the first RCPT TO blocks the
> invalid sender address as expected, but any RCPT TO sent afterward
> is accepted with a 250 OK.
>
> Here are two raw SMTP transcripts that show the problem (nothing has
> been changed here).  In the following, [hidden email]
> is not a valid address, and [hidden email] is valid (it is
> listed in local_recipient_maps).
>
>      $ postconf mail_version
>      mail_version = 2.5.5
>
>      $ postconf myhostname
>      myhostname = babingka.lava.net
>
> The first is with smtpd_delay_reject set to yes (the default), and
> everything works correctly.
>
>      $ postconf -n
>      config_directory = /etc/postfix
>      smtpd_delay_reject = yes
>      smtpd_recipient_restrictions = reject_unauth_destination,
>          reject_unlisted_sender
>
>      --> 220 babingka.lava.net ESMTP Postfix
>      <-- EHLO primo.lava.net
>      --> 250-babingka.lava.net
>      --> 250-PIPELINING
>      --> 250-SIZE 10240000
>      --> 250-VRFY
>      --> 250-ETRN
>      --> 250-ENHANCEDSTATUSCODES
>      --> 250-8BITMIME
>      --> 250 DSN
>      <-- MAIL FROM:<[hidden email]>
>      --> 250 2.1.0 Ok
>      <-- RCPT TO:<[hidden email]>
>      --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
>      <-- RCPT TO:<[hidden email]>
>      --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
>      <-- RCPT TO:<[hidden email]>
>      --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
>      <-- RCPT TO:<[hidden email]>
>      --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
>      <-- QUIT
>      --> 221 2.0.0 Bye
>
> Now with smtpd_delay_reject set to no.  Notice the first address is
> blocked, but all recipients after that get accepted.
>
>      $ postconf -n
>      config_directory = /etc/postfix
>      smtpd_delay_reject = no
>      smtpd_recipient_restrictions = reject_unauth_destination,
>          reject_unlisted_sender
>
>      --> 220 babingka.lava.net ESMTP Postfix
>      <-- EHLO primo.lava.net
>      --> 250-babingka.lava.net
>      --> 250-PIPELINING
>      --> 250-SIZE 10240000
>      --> 250-VRFY
>      --> 250-ETRN
>      --> 250-ENHANCEDSTATUSCODES
>      --> 250-8BITMIME
>      --> 250 DSN
>      <-- MAIL FROM:<[hidden email]>
>      --> 250 2.1.0 Ok
>      <-- RCPT TO:<[hidden email]>
>      --> 550 5.1.0 <[hidden email]>: Sender address rejected: User unknown in local recipient table
>      <-- RCPT TO:<[hidden email]>
>      --> 250 2.1.5 Ok
>      <-- RCPT TO:<[hidden email]>
>      --> 250 2.1.5 Ok
>      <-- RCPT TO:<[hidden email]>
>      --> 250 2.1.5 Ok
>      <-- QUIT
>      --> 221 2.0.0 Bye
>
>


Re: Problem with smtpd_delay_reject and reject_unlisted_sender

Victor Duchovni
In reply to this post by Julian Cowley
On Fri, Oct 17, 2008 at 10:06:50PM -1000, Julian Cowley wrote:

> Hello,
>
> Several months ago I discovered a problem with reject_unlisted_sender
> allowing through some mail that should have been blocked.  I finally
> found the incentive to track it down and create a simple test case
> for it.
>
> The apparent problem is that reject_unlisted_sender in
> smtpd_recipient_restrictions doesn't work correctly when
> smtpd_delay_reject is set to no.  If the sender address would be
> blocked by reject_unlisted_sender, the first RCPT TO blocks the
> invalid sender address as expected, but any RCPT TO sent afterward
> is accepted with a 250 OK.

The code expected explicit "reject_unlisted_sender" directives to be
used in smtpd_sender_restrictions, not "smtpd_recipient_restrictions".
This is where the implicit check is done when the explicit check is not
encountered first and smtpd_reject_unlisted_sender = yes.

The following anomalies are found otherwise:

    - smtpd_delay_reject = no, smtpd_reject_unlisted_sender = no and
      reject_unlisted_sender in the rcpt restrictions.

        In this case only the first recipient is rejected.

    - smtpd_delay_reject = yes, smtpd_reject_unlisted_sender = yes
      and reject_unlisted_sender in the client or helo restrictions.

        In this case, after one recipient is rejected in the "helo" or
        "client" restrictions, the remaining ones are instead handled
        by the implicit code path in the sender checks.

For now, do not use "reject_unlisted_sender" outside the
smtpd_sender_restrictions list, where it should work correctly.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
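
The advice in this thread (keep reject_unlisted_sender inside smtpd_sender_restrictions) can be checked against `postconf -n` output. The script below is an added example, not part of the original thread or of Postfix; the sample configurations are constructed from the settings quoted above, and the function names are hypothetical.

```python
import re

# Postfix smtpd access restriction lists that may contain the check.
RESTRICTION_LISTS = (
    "smtpd_client_restrictions", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_recipient_restrictions",
    "smtpd_relay_restrictions", "smtpd_data_restrictions",
    "smtpd_end_of_data_restrictions", "smtpd_etrn_restrictions",
)
SAFE_LIST = "smtpd_sender_restrictions"   # placement recommended in the thread
CHECK = "reject_unlisted_sender"

def parse_postconf(text):
    """Parse `postconf -n` style text into {name: value}, joining wrapped lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:          # indented continuation line
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()
    return params

def misplaced_lists(text):
    """Return restriction lists, other than the sender list, that use CHECK."""
    params = parse_postconf(text)
    hits = []
    for name in RESTRICTION_LISTS:
        items = re.split(r"[,\s]+", params.get(name, ""))
        if CHECK in items and name != SAFE_LIST:
            hits.append(name)
    return hits

# Constructed sample: the failing configuration reported in the thread.
REPORTED = """config_directory = /etc/postfix
smtpd_delay_reject = no
smtpd_recipient_restrictions = reject_unauth_destination,
    reject_unlisted_sender
"""
# Constructed sample: the same policy with the check moved to the sender list.
MOVED = """config_directory = /etc/postfix
smtpd_delay_reject = no
smtpd_sender_restrictions = reject_unlisted_sender
smtpd_recipient_restrictions = reject_unauth_destination
"""

if __name__ == "__main__":
    for label, conf in (("reported", REPORTED), ("moved", MOVED)):
        print(label, misplaced_lists(conf) or "ok")
```

On a live system, pass the text of `postconf -n` to `misplaced_lists()`; restriction classes defined through smtpd_restriction_classes are not inspected.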