On Wed, Oct 31, 2007 at 07:56:55PM -0400, Justin Pryzby wrote:
> On Wed, Oct 31, 2007 at 05:42:50PM -0500, Florin Iucha wrote:
> > Package: logcheck-database
> > Version: 1.2.63
> > Severity: important
> > 
> > 
> > I am running postfix with postgrey for graylisting and I'm getting tons
> > of:
> > 
> >    Oct 31 16:20:21 hermes postfix/smtpd[6778]: NOQUEUE: reject: RCPT from 
> > $HOST[$IP]: 450 4.2.0 <>: Sender address rejected: Server unavailable.  Try 
> > again later.; from=<> to=<[EMAIL PROTECTED]> proto=ESMTP  helo=<$HOST>
> > 
> > I am getting too many of those with a zero-length from and with
> > abqnm$RANDOM_STRING as the originator, so I suspect it is some
> > clever antispam or open relay testing tool.  At any rate, it is
> > generating waay too much noise.
> That's because the rule is:
> 
> <[^[:space:]]+>: (Sender|Recipient) address rejected:
> 
> so it seems that it should be
> 
> <[^[:space:]]*>: (Sender|Recipient) address rejected:
> 
> However it's not clear to me why the sender address is being rejected,
> as <> is not only valid but required to be allowed for bounces.  I
> note that postfix is using <> when I do: "mail from:>" but not giving
> the "server unavailable" message (instead apparently treating it as
> the null originator).
> 
> Can you confirm that DNS on the logcheck/postfix machine(s) is
> working?

Yes, it is working fine -- I am sending this message from that very
machine.

If it helps, here are two examples of messages:

---- cut here ---
Oct 31 16:20:21 hermes postfix/smtpd[6778]: NOQUEUE: reject: RCPT from co01-00511.bcc.de[212.68.65.128]: 450 4.2.0 <>: Sender address rejected: Server unavailable.  Try again later.; from=<> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<co01-00511.bcc.de>
Oct 31 16:29:36 hermes postfix/smtpd[6869]: NOQUEUE: reject: RCPT from mailgw11.hrz.uni-giessen.de[134.176.2.191]: 450 4.2.0 <>: Sender address rejected: Server unavailable.  Try again later.; from=<> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<mailgw11.hrz.uni-giessen.de>
---- cut here ---

I do have about 100 abqnm* messages a day:

hermes:/var/log# grep -c abqnm mail.log
96
hermes:/var/log# grep -c abqnm mail.log.0
108

florin

-- 
Bruce Schneier expects the Spanish Inquisition.
      http://geekz.co.uk/schneierfacts/fact/163
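
The difference between the two rule fragments quoted in this thread, as an added example that is not part of either message or of logcheck's rule files: both patterns are run as extended regular expressions (grep -E) over constructed log lines. Host names, addresses and the function names are placeholders chosen for the example.

```shell
#!/bin/sh
# Constructed sample lines modelled on the log format quoted in the thread;
# hosts and addresses are documentation placeholders, not real data.
sample_log() {
cat <<'EOF'
Oct 31 16:20:21 hermes postfix/smtpd[6778]: NOQUEUE: reject: RCPT from host.example[192.0.2.10]: 450 4.2.0 <>: Sender address rejected: Server unavailable.  Try again later.; from=<> to=<user@example.org> proto=ESMTP helo=<host.example>
Oct 31 16:21:02 hermes postfix/smtpd[6779]: NOQUEUE: reject: RCPT from host.example[192.0.2.11]: 450 4.2.0 <sender@example.net>: Sender address rejected: Server unavailable.  Try again later.; from=<sender@example.net> to=<user@example.org> proto=ESMTP helo=<host.example>
Oct 31 16:22:40 hermes postfix/smtpd[6780]: connect from host.example[192.0.2.12]
EOF
}

# Rule fragment as quoted in the thread: needs at least one character in <...>.
OLD_RULE='<[^[:space:]]+>: (Sender|Recipient) address rejected:'
# Proposed fragment: also accepts the empty (null) sender <>.
NEW_RULE='<[^[:space:]]*>: (Sender|Recipient) address rejected:'

# Number of sample lines the rule matches, i.e. would filter from the report.
count_matched() {
    sample_log | grep -E -c -- "$1"
}

# Number of sample lines the rule does not match, i.e. would still be reported.
still_reported() {
    sample_log | grep -E -v -c -- "$1"
}

# Print the lines that survive a given rule, for inspection.
show_reported() {
    sample_log | grep -E -v -- "$1"
}

echo "old rule matches: $(count_matched "$OLD_RULE")"
echo "new rule matches: $(count_matched "$NEW_RULE")"
echo "still reported under old rule:"
show_reported "$OLD_RULE"
```

With the old fragment the null-sender reject is still reported alongside the unrelated connect line; with the new one only the connect line remains.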
