> On 07 Apr 2016, at 14:47, Michiel van Es <m...@pragmasec.nl> wrote: > > >> On 07 Apr 2016, at 14:40, Joerg Jung <m...@umaxx.net> wrote: >> >> >>> On 07 Apr 2016, at 13:13, Michiel van Es <m...@pragmasec.nl> wrote: >>>> On 07 Apr 2016, at 12:59, Joerg Jung <m...@umaxx.net> wrote: >>>> >>>> Ok... that makes sense now. >>>> -2 seems to be EAI_NONAME which seems to be the error code specific on >>>> Ubuntu libc for NXDOMAIN replies, instead of EAI_NODATA. >>>> >>>> These error codes and related RFCs are subject to a lot of discussions. >>>> See here to get an idea: >>>> https://sourceware.org/bugzilla/show_bug.cgi?id=15726 >>>> Especially, note the cross references to Ubuntu bugs ... >>>> >>>> Instead of trying to fit all distribution specific changes, >>>> the easiest might be to change the logic here and check for the returned >>>> address not being empty -- instead of errno. >>>> >>>> I'll try to come up with a proper diff to fix this, but give me some time >>>> as >>>> I'm very busy currently. >>>> >>>> As quick fix: you can just change the if statement to: >>>> if (ar->ar_gai_errno != EAI_NODATA && ar->ar_gai_errno != EAI_NONAME) { >>> >>> like this? => >> >> yes. >> >>> dnsbl_event_dispatch(struct asr_result *ar, void *arg) >>> { >>> uint64_t *q = arg; >>> >>> if (ar->ar_addrinfo) >>> freeaddrinfo(ar->ar_addrinfo); >>> log_warnx("warn: DEBUG: ar_gai_errno=%d, EAI_NODATA=%d", >>> ar->ar_gai_errno, EAI_NODATA); >>> if (ar->ar_gai_errno != EAI_NODATA && ar->ar_gai_errno != EAI_NONAME) { >>> log_warnx("warn: session %016"PRIx64": event_dispatch: REJECT >>> address ar_gai_errno=%d", *q, ar->ar_gai_errno); >>> filter_api_reject_code(*q, FILTER_CLOSE, 554, "5.7.1 Address >>> in DNSBL"); >>> } else >>> filter_api_accept(*q); >>> free(q); >>> } >>> >>>> ... and it should start working as expected. Can you confirm that, please? >>> >>> if above is correct, it did not work: >>> >>> dnsbl[26098]: warn: DEBUG: ar_gai_errno=-5, EAI_NODATA=-2 >>> dnsbl[26098]: warn: session de57c06bd67994d3: event_dispatch: REJECT >>> address ar_gai_errno=-5 >>> filter: imsg IMSG_FILTER_RESPONSE from procfilter >>> dnsbl[hooks=0xffffffff,flags=0x0000] >>> filter: filter_drain_query de57c06c3dc0ecca[QUERY_CONNECT=178.21.114.197 >>> <-> >>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1588030[datalen=0,eom=(nil),ofile=(nil)]] >>> filter: filter_end_query de57c06c3dc0ecca[QUERY_CONNECT=178.21.114.197 <-> >>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1588030[datalen=0,eom=(nil),ofile=(nil)]] >>> filter: query de57c06c3dc0ecca done: status=FILTER_CLOSE code=554 >>> response="5.7.1 Address in DNSBL" >>> smtp-in: Failed command on session de57c06bd67994d3: "" => 554 5.7.1 >>> Address in DNSBL >>> smtp-in: Closing session de57c06bd67994d3 >>> debug: smtp: 0x1655cf0: deleting session: done >>> filter: post-event event=EVENT_DISCONNECT filter=dnsbl >>> ^Cinfo: queue handler exiting >>> info: scheduler handler exiting >>> info: ca agent exiting >>> warn: control -> queue: pipe closed >>> warn: lka -> queue: pipe closed >>> strace: Process 26091 detached >>> >> >> Ok can change the added DEBUG line right before the if statement once again >> to: >> >> log_warnx("warn: DEBUG: ar_gai_errno=%d, EAI_NODATA=%d, EAI_NONAME=%d, >> gai_strerror=‘%s'", ar->ar_gai_errno, EAI_NODATA, EAI_NONAME, >> gai_strerror(ar->ar_gai_errno)); >> >> … and show me output? > > debug: smtp: new client on listener: 0x1a90130 > smtp-in: New session 1dc609e7cb3551c5 from host pro-mail-smtp-001.bol.com > [185.14.168.222] > filter: post-event event=EVENT_CONNECT filter=dnsbl > filter: new query QUERY_CONNECT > filter: filter_drain_query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> > 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] > filter: running filter filter:dnsbl[hooks=0xffffffff,flags=0x0000] for query > 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> > 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] > filter: waiting for running query > 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> > 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] > dnsbl[27129]: debug: on_connect: checking 222.168.14.185.psbl.surriel.com. > > dnsbl[27129]: warn: DEBUG: ar_gai_errno=-5, EAI_NODATA=-2, EAI_NONAME=-2, > gai_strerror=‘No address associated with hostname' > dnsbl[27129]: warn: session 1dc609e7cb3551c5: event_dispatch: REJECT address > ar_gai_errno=-5 > filter: imsg IMSG_FILTER_RESPONSE from procfilter > dnsbl[hooks=0xffffffff,flags=0x0000] > filter: filter_drain_query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> > 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] > filter: filter_end_query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> > 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] > filter: query 1dc609e878b913e8 done: status=FILTER_CLOSE code=554 > response="5.7.1 Address in DNSBL" > smtp-in: Failed command on session 1dc609e7cb3551c5: "" => 554 5.7.1 Address > in DNSBL > smtp-in: Closing session 1dc609e7cb3551c5 > debug: smtp: 0x1b4ccf0: deleting session: done > filter: post-event event=EVENT_DISCONNECT filter=dnsbl
Wow… what a mess, I think this is what is happening: - EAI_NODATA is usually -5 aka "No address associated with hostname". - Ubuntu eglibc seems to guard EAI_NODATA behind a #ifdef _GNU_SOURCE in netdb.h, so you may do not have it defined at all. (- Nevertheless the error string is given with gai_strerror() anyway, no matter that EAI_NODATA is not there.) - in case EAI_NODATA is not defined opensmtpd-extras defines EAI_NODATA == EAI_NONAME == -2 in configure.ac -> I think this is wrong and should be done as last resort. The better solution should be to define _GNU_SOURCE to receive EAI_NODATA from standard netdb.h. Can you try the following please: Add the following CFLAGS line to filter-dnsbl Makefile.am line 10: https://github.com/OpenSMTPD/OpenSMTPD-extras/blob/master/extras/wip/filters/filter-dnsbl/Makefile.am CFLAGS += -D_GNU_SOURCE Rebuild everything — it’s important to clear the whole configure cache and re-run sh bootstrap fully, so that this _GNU_SOURCE ends up in the Makefile. Let me know if this helps and fixes the issue. However as written earlier, all this is just quick-fix. Better solution would be IMHO to NOT rely on gai errno at all. I’ll try to come up with a better fix soon. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
