> On 07 Apr 2016, at 07:54, Michiel van Es <m...@pragmasec.nl> wrote:
>> On 07 Apr 2016, at 01:19, Joerg Jung <m...@umaxx.net> wrote:
>>
>> Nope, but you can try adding some more debug
>> logs in the filter source.
I fear we need to take this route now, I hope you are ready ;)
>> What asr version have you installed? Recent one?
>>
>> You can also do a tcpdump please, to see what
>> exactly goes over the wire (and comes back)?
>>
>> Also please temporarily disable all other filters, to
>> rule-out chain problems.
>
> I installed libasr, opensmtpd and OpenSMTPD-Extras from github to ensure the
> latest version.
>
> I use the following config to only use dnsbl:
>
> filter dnsbl dnsbl "-h" "psbl.surriel.com"
> filter filter-clamav clamav
> filter all chain dnsbl
> filter sub chain filter-clamav
> pki server.pragmasec.nl key
> "/etc/letsencrypt/archive/server.pragmasec.nl/privkey1.pem"
> pki server.pragmasec.nl certificate
> "/etc/letsencrypt/archive/server.pragmasec.nl/fullchain1.pem"
> listen on lo
> listen on ens3 port 25 filter all hostname server.pragmasec.nl tls pki
> server.pragmasec.nl
> listen on ens3 port 587 filter sub hostname server.pragmasec.nl tls-require
> pki server.pragmasec.nl auth mask-source
> expire 7d
> table vdomains "/usr/local/etc/vdomains"
> table vusers "/usr/local/etc/vusers"
> accept from any for domain <vdomains> virtual <vusers> deliver to mda
> "/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}"
> accept from local for any relay
>
> tcpdump of any traffic to psbl.surriel.org: (this seems useless as the
> traffic is only dns and goes to the forwarders via my dnsmasq local cache)
> tcpdump -i any | grep ’74.92.59.67'
>
> *nothing*
>
> the error with strace and running with smtpd -d -v -T filter:
>
> epoll_wait(3, debug: smtp: new client on listener: 0x79d0c0
> smtp-in: New session 71768b23cba98cf7 from host pro-mail-smtp-001.bol.com
> [185.14.168.222]
> filter: post-event event=EVENT_CONNECT filter=dnsbl
> filter: new query QUERY_CONNECT
> filter: filter_drain_query 71768b247df9084f[QUERY_CONNECT=178.21.114.197 <->
> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x795bc0[datalen=0,eom=(nil),ofile=(nil)]]
> filter: running filter filter:dnsbl[hooks=0xffffffff,flags=0x0000] for query
> 71768b247df9084f[QUERY_CONNECT=178.21.114.197 <->
> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x795bc0[datalen=0,eom=(nil),ofile=(nil)]]
> filter: waiting for running query
> 71768b247df9084f[QUERY_CONNECT=178.21.114.197 <->
> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x795bc0[datalen=0,eom=(nil),ofile=(nil)]]
> dnsbl[22353]: debug: on_connect: checking 222.168.14.185.psbl.surriel.com.
> dnsbl[22353]: warn: session 71768b23cba98cf7: event_dispatch: REJECT address
> filter: imsg IMSG_FILTER_RESPONSE from procfilter
> dnsbl[hooks=0xffffffff,flags=0x0000]
> filter: filter_drain_query 71768b247df9084f[QUERY_CONNECT=178.21.114.197 <->
> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x795bc0[datalen=0,eom=(nil),ofile=(nil)]]
> filter: filter_end_query 71768b247df9084f[QUERY_CONNECT=178.21.114.197 <->
> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x795bc0[datalen=0,eom=(nil),ofile=(nil)]]
> filter: query 71768b247df9084f done: status=FILTER_CLOSE code=554
> response="5.7.1 Address in DNSBL"
> smtp-in: Failed command on session 71768b23cba98cf7: "" => 554 5.7.1 Address
> in DNSBL
> smtp-in: Closing session 71768b23cba98cf7
> debug: smtp: 0x859c80: deleting session: done
> filter: post-event event=EVENT_DISCONNECT filter=dnsbl
>
> dnsmasq logging:
>
> Apr 7 07:48:41 server dnsmasq[6018]: query[A]
> 222.168.14.185.psbl.surriel.com from 127.0.0.1
> Apr 7 07:48:41 server dnsmasq[6018]: forwarded
> 222.168.14.185.psbl.surriel.com to 95.85.9.86
> Apr 7 07:48:41 server dnsmasq[6018]: reply 222.168.14.185.psbl.surriel.com
> is NXDOMAIN
>
> any more pointers what could go wrong?
To me, this really looks like a bug/problem in libasr now (Ubuntu specific).
Despite the NXDOMAIN reply, this condition seems to become true for you:
https://github.com/OpenSMTPD/OpenSMTPD-extras/blob/master/extras/wip/filters/filter-dnsbl/filter_dnsbl.c#L44
The question is why does it become true und what is the value of:
ar->ar_gai_errno (and why has it this value).
Can you add/print the value to the log line please? For example:
log_warnx("warn: session %016"PRIx64": event_dispatch: REJECT address
ar_gai_errno=%d", *q, ar->ar_gai_errno);
You may also want to print further members of struct asr_result to see what is
going on.
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
