> On 07 Apr 2016, at 16:41, Michiel van Es <m...@pragmasec.nl> wrote: > > >> On 07 Apr 2016, at 16:37, Michiel van Es <m...@pragmasec.nl> wrote: >> >> >>> On 07 Apr 2016, at 16:05, Joerg Jung <m...@umaxx.net> wrote: >>> >>> >>>> On 07 Apr 2016, at 14:47, Michiel van Es <m...@pragmasec.nl> wrote: >>>> >>>> >>>>> On 07 Apr 2016, at 14:40, Joerg Jung <m...@umaxx.net> wrote: >>>>> >>>>> >>>>>> On 07 Apr 2016, at 13:13, Michiel van Es <m...@pragmasec.nl> wrote: >>>>>>> On 07 Apr 2016, at 12:59, Joerg Jung <m...@umaxx.net> wrote: >>>>>>> >>>>>>> Ok... that makes sense now. >>>>>>> -2 seems to be EAI_NONAME which seems to be the error code specific on >>>>>>> Ubuntu libc for NXDOMAIN replies, instead of EAI_NODATA. >>>>>>> >>>>>>> These error codes and related RFCs are subject to a lot of discussions. >>>>>>> See here to get an idea: >>>>>>> https://sourceware.org/bugzilla/show_bug.cgi?id=15726 >>>>>>> Especially, note the cross references to Ubuntu bugs ... >>>>>>> >>>>>>> Instead of trying to fit all distribution specific changes, >>>>>>> the easiest might be to change the logic here and check for the >>>>>>> returned >>>>>>> address not being empty -- instead of errno. >>>>>>> >>>>>>> I'll try to come up with a proper diff to fix this, but give me some >>>>>>> time as >>>>>>> I'm very busy currently. >>>>>>> >>>>>>> As quick fix: you can just change the if statement to: >>>>>>> if (ar->ar_gai_errno != EAI_NODATA && ar->ar_gai_errno != EAI_NONAME) { >>>>>> >>>>>> like this? => >>>>> >>>>> yes. >>>>> >>>>>> dnsbl_event_dispatch(struct asr_result *ar, void *arg) >>>>>> { >>>>>> uint64_t *q = arg; >>>>>> >>>>>> if (ar->ar_addrinfo) >>>>>> freeaddrinfo(ar->ar_addrinfo); >>>>>> log_warnx("warn: DEBUG: ar_gai_errno=%d, EAI_NODATA=%d", >>>>>> ar->ar_gai_errno, EAI_NODATA); >>>>>> if (ar->ar_gai_errno != EAI_NODATA && ar->ar_gai_errno != EAI_NONAME) { >>>>>> log_warnx("warn: session %016"PRIx64": event_dispatch: REJECT >>>>>> address ar_gai_errno=%d", *q, ar->ar_gai_errno); >>>>>> filter_api_reject_code(*q, FILTER_CLOSE, 554, "5.7.1 Address in >>>>>> DNSBL"); >>>>>> } else >>>>>> filter_api_accept(*q); >>>>>> free(q); >>>>>> } >>>>>> >>>>>>> ... and it should start working as expected. Can you confirm that, >>>>>>> please? >>>>>> >>>>>> if above is correct, it did not work: >>>>>> >>>>>> dnsbl[26098]: warn: DEBUG: ar_gai_errno=-5, EAI_NODATA=-2 >>>>>> dnsbl[26098]: warn: session de57c06bd67994d3: event_dispatch: REJECT >>>>>> address ar_gai_errno=-5 >>>>>> filter: imsg IMSG_FILTER_RESPONSE from procfilter >>>>>> dnsbl[hooks=0xffffffff,flags=0x0000] >>>>>> filter: filter_drain_query de57c06c3dc0ecca[QUERY_CONNECT=178.21.114.197 >>>>>> <-> >>>>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1588030[datalen=0,eom=(nil),ofile=(nil)]] >>>>>> filter: filter_end_query de57c06c3dc0ecca[QUERY_CONNECT=178.21.114.197 >>>>>> <-> >>>>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1588030[datalen=0,eom=(nil),ofile=(nil)]] >>>>>> filter: query de57c06c3dc0ecca done: status=FILTER_CLOSE code=554 >>>>>> response="5.7.1 Address in DNSBL" >>>>>> smtp-in: Failed command on session de57c06bd67994d3: "" => 554 5.7.1 >>>>>> Address in DNSBL >>>>>> smtp-in: Closing session de57c06bd67994d3 >>>>>> debug: smtp: 0x1655cf0: deleting session: done >>>>>> filter: post-event event=EVENT_DISCONNECT filter=dnsbl >>>>>> ^Cinfo: queue handler exiting >>>>>> info: scheduler handler exiting >>>>>> info: ca agent exiting >>>>>> warn: control -> queue: pipe closed >>>>>> warn: lka -> queue: pipe closed >>>>>> strace: Process 26091 detached >>>>>> >>>>> >>>>> Ok can change the added DEBUG line right before the if statement once >>>>> again to: >>>>> >>>>> log_warnx("warn: DEBUG: ar_gai_errno=%d, EAI_NODATA=%d, EAI_NONAME=%d, >>>>> gai_strerror=‘%s'", ar->ar_gai_errno, EAI_NODATA, EAI_NONAME, >>>>> gai_strerror(ar->ar_gai_errno)); >>>>> >>>>> … and show me output? >>>> >>>> debug: smtp: new client on listener: 0x1a90130 >>>> smtp-in: New session 1dc609e7cb3551c5 from host pro-mail-smtp-001.bol.com >>>> [185.14.168.222] >>>> filter: post-event event=EVENT_CONNECT filter=dnsbl >>>> filter: new query QUERY_CONNECT >>>> filter: filter_drain_query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 >>>> <-> >>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] >>>> filter: running filter filter:dnsbl[hooks=0xffffffff,flags=0x0000] for >>>> query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> >>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] >>>> filter: waiting for running query >>>> 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> >>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] >>>> dnsbl[27129]: debug: on_connect: checking 222.168.14.185.psbl.surriel.com. >>>> >>>> dnsbl[27129]: warn: DEBUG: ar_gai_errno=-5, EAI_NODATA=-2, EAI_NONAME=-2, >>>> gai_strerror=‘No address associated with hostname' >>>> dnsbl[27129]: warn: session 1dc609e7cb3551c5: event_dispatch: REJECT >>>> address ar_gai_errno=-5 >>>> filter: imsg IMSG_FILTER_RESPONSE from procfilter >>>> dnsbl[hooks=0xffffffff,flags=0x0000] >>>> filter: filter_drain_query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 >>>> <-> >>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] >>>> filter: filter_end_query 1dc609e878b913e8[QUERY_CONNECT=178.21.114.197 <-> >>>> 185.14.168.222(pro-mail-smtp-001.bol.com),filter_session@0x1a7f030[datalen=0,eom=(nil),ofile=(nil)]] >>>> filter: query 1dc609e878b913e8 done: status=FILTER_CLOSE code=554 >>>> response="5.7.1 Address in DNSBL" >>>> smtp-in: Failed command on session 1dc609e7cb3551c5: "" => 554 5.7.1 >>>> Address in DNSBL >>>> smtp-in: Closing session 1dc609e7cb3551c5 >>>> debug: smtp: 0x1b4ccf0: deleting session: done >>>> filter: post-event event=EVENT_DISCONNECT filter=dnsbl >>> >>> Wow… what a mess, I think this is what is happening: >>> >>> - EAI_NODATA is usually -5 aka "No address associated with hostname". >>> >>> - Ubuntu eglibc seems to guard EAI_NODATA behind a #ifdef _GNU_SOURCE in >>> netdb.h, >>> so you may do not have it defined at all. >>> (- Nevertheless the error string is given with gai_strerror() anyway, no >>> matter that EAI_NODATA is not there.) >>> >>> - in case EAI_NODATA is not defined opensmtpd-extras defines EAI_NODATA == >>> EAI_NONAME == -2 in configure.ac >>> -> I think this is wrong and should be done as last resort. The better >>> solution should be to define _GNU_SOURCE to >>> receive EAI_NODATA from standard netdb.h. Can you try the following please: >>> >>> Add the following CFLAGS line to filter-dnsbl Makefile.am line 10: >>> https://github.com/OpenSMTPD/OpenSMTPD-extras/blob/master/extras/wip/filters/filter-dnsbl/Makefile.am >>> >>> CFLAGS += -D_GNU_SOURCE >>> >>> Rebuild everything — it’s important to clear the whole configure cache and >>> re-run sh bootstrap fully, so that this _GNU_SOURCE ends up in the Makefile. >>> >>> Let me know if this helps and fixes the issue. >> >> So: >> >> 1) the Makefile.am looks like this then: >> >> include $(top_srcdir)/mk/wip.mk >> include $(top_srcdir)/mk/filter.mk >> >> pkglibexec_PROGRAMS = filter-dnsbl >> >> filter_dnsbl_SOURCES = $(SRCS) >> filter_dnsbl_SOURCES += filter_dnsbl.c >> >> man_MANS = filter-dnsbl.8 >> CFLAGS += -D_GNU_SOURCE >> if !NO_LIBASR >> LDADD += -lasr >> endif >> >> 2) make clean in OpenSMTP-Extras >> 3)rebuild with ./bootstrap;./configure --with-filter*;make;make install >> 4)test again? >> > > did a make uninstall after adding the Makefile.am line as instructed, > ./bootstrap;./configure —with-filter-*;make;make install > retested but still no go: > > debug: smtp: new client on listener: 0xebd0f0 > smtp-in: New session 141e1ab081a9e56f from host pro-mail-smtp-002.bol.com > [185.14.169.222] > filter: post-event event=EVENT_CONNECT filter=dnsbl > filter: new query QUERY_CONNECT > filter: filter_drain_query 141e1ab15e6c4024[QUERY_CONNECT=178.21.114.197 <-> > 185.14.169.222(pro-mail-smtp-002.bol.com),filter_session@0xeabff0[datalen=0,eom=(nil),ofile=(nil)]] > filter: running filter filter:dnsbl[hooks=0xffffffff,flags=0x0000] for query > 141e1ab15e6c4024[QUERY_CONNECT=178.21.114.197 <-> > 185.14.169.222(pro-mail-smtp-002.bol.com),filter_session@0xeabff0[datalen=0,eom=(nil),ofile=(nil)]] > filter: waiting for running query > 141e1ab15e6c4024[QUERY_CONNECT=178.21.114.197 <-> > 185.14.169.222(pro-mail-smtp-002.bol.com),filter_session@0xeabff0[datalen=0,eom=(nil),ofile=(nil)]] > dnsbl[2010]: debug: on_connect: checking 222.169.14.185.psbl.surriel.com. > dnsbl[2010]: warn: DEBUG: ar_gai_errno=-5, EAI_NODATA=-2, EAI_NONAME=-2, > gai_strerror=‘No address associated with hostname' > dnsbl[2010]: warn: session 141e1ab081a9e56f: event_dispatch: REJECT address > ar_gai_errno=-5 > filter: imsg IMSG_FILTER_RESPONSE from procfilter > dnsbl[hooks=0xffffffff,flags=0x0000] > filter: filter_drain_query 141e1ab15e6c4024[QUERY_CONNECT=178.21.114.197 <-> > 185.14.169.222(pro-mail-smtp-002.bol.com),filter_session@0xeabff0[datalen=0,eom=(nil),ofile=(nil)]] > filter: filter_end_query 141e1ab15e6c4024[QUERY_CONNECT=178.21.114.197 <-> > 185.14.169.222(pro-mail-smtp-002.bol.com),filter_session@0xeabff0[datalen=0,eom=(nil),ofile=(nil)]] > filter: query 141e1ab15e6c4024 done: status=FILTER_CLOSE code=554 > response="5.7.1 Address in DNSBL" > smtp-in: Failed command on session 141e1ab081a9e56f: "" => 554 5.7.1 Address > in DNSBL > smtp-in: Closing session 141e1ab081a9e56f > debug: smtp: 0xf79cb0: deleting session: done > filter: post-event event=EVENT_DISCONNECT filter=dnsbl
I also tried Debian Jessie but run into a lot of issues with OpenSMTPD libressl and libasr issues.. CentOS 7 was a complete mess so I am stuck with this error on Ubuntu 16.04 ;) > >> >>> >>> However as written earlier, all this is just quick-fix. Better solution >>> would be IMHO to NOT rely on gai errno at all. >>> I’ll try to come up with a better fix soon. I am interested in the quick fix or a complete fix ;) >>> >>> >>> >>> >>> >>> -- >>> You received this mail because you are subscribed to misc@opensmtpd.org >>> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >>> >> >> >> -- >> You received this mail because you are subscribed to misc@opensmtpd.org >> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >> > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
