On Fri, Apr 28, 2006 at 02:33:36PM +0200, Mikkel Kruse Johnsen wrote:
> Hi Claudio
> 
> Just had to switch to a test server, therefore the delay.
> 
> Here it is. First a normal mail sent to my account 'mkj' at domain
> 'norrehus.dk'
> 
> ---
> 2006-04-28 14:28:45.855822500 tcpserver: status: 1/40
> 2006-04-28 14:28:45.856021500 tcpserver: pid 11549 from 81.19.227.226
> 2006-04-28 14:28:45.856109500 tcpserver: ok 11549
> 0:80.165.0.78:25 :81.19.227.226::56134
> 2006-04-28 14:28:45.867537500 qmail-smtpd 11549: connection from
> 81.19.227.226 (unknown) to 0
> 2006-04-28 14:28:45.867568500 qmail-smtpd 11549: enabled options:
> sanitycheck returnmxcheck rcptcheck smtp-auth rejectexecutables
> 2006-04-28 14:28:45.876788500 qmail-smtpd 11549: remote ehlo: linet.dk
> 2006-04-28 14:28:45.887383500 qmail-smtpd 11549: mail from:
> [EMAIL PROTECTED]
> 2006-04-28 14:28:45.887385500 qmail-smtpd 11549: SPF not checked
> 2006-04-28 14:28:45.906106500 qmail-smtpd 11549: rcpt to:
> [EMAIL PROTECTED]
> 2006-04-28 14:28:45.906148500 qmail-smtpd 11549: recipient verify,
> recipient not in goodmailaddr
> 2006-04-28 14:28:45.906150500 qmail-smtpd 11549: recipient verify,
> recipient is local
> 2006-04-28 14:28:45.908379500 init_ldap: control/ldapserver:
> 'ldap.orholm.dk'
> 2006-04-28 14:28:45.908404500 init_ldap: control/ldapbasedn:
> dc=orholm,dc=dk
> 2006-04-28 14:28:45.908419500 init_ldap: control/ldapobjectclass:
> qmailuser
> 2006-04-28 14:28:45.908421500 init_ldap: control/ldaptimeout: 30
> 2006-04-28 14:28:45.908437500 init_ldap: control/ldaprebind: 0
> 2006-04-28 14:28:45.908474500 init_ldap: control/ldapdefaultdotmode:
> dotonly
> 2006-04-28 14:28:45.908490500 init_ldap: control/defaultquotasize: 0
> 2006-04-28 14:28:45.908492500 init_ldap: control/defaultquotacount: 0
> 2006-04-28 14:28:45.908508500 init: control/ldaplocaldelivery: 1
> 2006-04-28 14:28:45.908525500 qmail-verfiy: verifying [EMAIL PROTECTED]
> 2006-04-28 14:28:45.934692500 qldap_open: init successful
> 2006-04-28 14:28:45.934724500 qldap_set_option: set referrals successful
> 2006-04-28 14:28:45.936155500 qldap_bind: successful
> 2006-04-28 14:28:45.936194500 ldapfilter:
> '(&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED])))'
> 2006-04-28 14:28:45.936790500 qldap_lookup: search for
> (&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED]))) succeeded
> 2006-04-28 14:28:45.936822500 qldap_get_attr(accountStatus): no such
> attribute
> 2006-04-28 14:28:45.936839500 qmail-smtpd 11549: recipient verify OK
> 2006-04-28 14:28:45.945606500 qmail-smtpd 11549: go ahead
> 2006-04-28 14:28:45.955221500 qmail-smtpd 11549: DDC saved  23 percent
> 2006-04-28 14:28:45.984379500 qmail-smtpd 11549: message queued:
> 1146227325 qp 11551 size 211 bytes
> 2006-04-28 14:28:46.011376500 qmail-smtpd 11549: quit, closing
> connection
> 2006-04-28 14:28:46.011630500 tcpserver: end 11549 status 0
> 2006-04-28 14:28:46.011633500 tcpserver: status: 0/40
> ---
> 
> 
> Now sent to 'mkj' dash something:
> 
> ---
> 2006-04-28 14:29:12.081165500 tcpserver: status: 1/40
> 2006-04-28 14:29:12.081362500 tcpserver: pid 11555 from 81.19.227.226
> 2006-04-28 14:29:12.081454500 tcpserver: ok 11555
> 0:80.165.0.78:25 :81.19.227.226::56141
> 2006-04-28 14:29:12.083662500 qmail-smtpd 11555: connection from
> 81.19.227.226 (unknown) to 0
> 2006-04-28 14:29:12.083667500 qmail-smtpd 11555: enabled options:
> sanitycheck returnmxcheck rcptcheck smtp-auth rejectexecutables
> 2006-04-28 14:29:12.093757500 qmail-smtpd 11555: remote ehlo: linet.dk
> 2006-04-28 14:29:12.104566500 qmail-smtpd 11555: mail from:
> [EMAIL PROTECTED]
> 2006-04-28 14:29:12.104569500 qmail-smtpd 11555: SPF not checked
> 2006-04-28 14:29:12.114418500 qmail-smtpd 11555: rcpt to:
> [EMAIL PROTECTED]
> 2006-04-28 14:29:12.114485500 qmail-smtpd 11555: recipient verify,
> recipient not in goodmailaddr
> 2006-04-28 14:29:12.114488500 qmail-smtpd 11555: recipient verify,
> recipient is local
> 2006-04-28 14:29:12.116658500 init_ldap: control/ldapserver:
> 'ldap.orholm.dk'
> 2006-04-28 14:29:12.116685500 init_ldap: control/ldapbasedn:
> dc=orholm,dc=dk
> 2006-04-28 14:29:12.116701500 init_ldap: control/ldapobjectclass:
> qmailuser
> 2006-04-28 14:29:12.116704500 init_ldap: control/ldaptimeout: 30
> 2006-04-28 14:29:12.116705500 init_ldap: control/ldaprebind: 0
> 2006-04-28 14:29:12.116751500 init_ldap: control/ldapdefaultdotmode:
> dotonly
> 2006-04-28 14:29:12.116768500 init_ldap: control/defaultquotasize: 0
> 2006-04-28 14:29:12.116770500 init_ldap: control/defaultquotacount: 0
> 2006-04-28 14:29:12.116786500 init: control/ldaplocaldelivery: 1
> 2006-04-28 14:29:12.116803500 qmail-verfiy: verifying
> [EMAIL PROTECTED]
> 2006-04-28 14:29:12.117289500 qldap_open: init successful
> 2006-04-28 14:29:12.117317500 qldap_set_option: set referrals successful
> 2006-04-28 14:29:12.118064500 qldap_bind: successful
> 2006-04-28 14:29:12.118095500 ldapfilter:
> '(&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED])))'
> 2006-04-28 14:29:12.118682500 qldap_lookup: search for
> (&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED]))) succeeded
> 2006-04-28 14:29:12.118713500 qldap_lookup: Nothing found
> 2006-04-28 14:29:12.118715500 ldapfilter:
> '(&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED])))'
> 2006-04-28 14:29:12.119252500 qldap_lookup: search for
> (&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED]))) succeeded
> 2006-04-28 14:29:12.119262500 qldap_lookup: Nothing found
> 2006-04-28 14:29:12.120204500 qmail-smtpd 11555: recipient verify OK
> 2006-04-28 14:29:12.129278500 qmail-smtpd 11555: go ahead
> 2006-04-28 14:29:12.138673500 qmail-smtpd 11555: DDC saved  24 percent
> 2006-04-28 14:29:12.142821500 qmail-smtpd 11555: message queued:
> 1146227352 qp 11557 size 226 bytes
> 2006-04-28 14:29:12.151964500 qmail-smtpd 11555: quit, closing
> connection
> 2006-04-28 14:29:12.152525500 tcpserver: end 11555 status 0
> 2006-04-28 14:29:12.152528500 tcpserver: status: 0/40
> ---
> 

I bet you have a local mkj account on your mailserver and localdelivery is
turned on, so the mail is accepted because qmail-verify does not check if
the local user has a .qmail-whatever file.


> Finally a test sent to a non-existing user:
> 
> ---
> 2006-04-28 14:29:44.284641500 tcpserver: status: 1/40
> 2006-04-28 14:29:44.285273500 tcpserver: pid 11562 from 81.19.227.226
> 2006-04-28 14:29:44.285356500 tcpserver: ok 11562
> 0:80.165.0.78:25 :81.19.227.226::56145
> 2006-04-28 14:29:44.287479500 qmail-smtpd 11562: connection from
> 81.19.227.226 (unknown) to 0
> 2006-04-28 14:29:44.287484500 qmail-smtpd 11562: enabled options:
> sanitycheck returnmxcheck rcptcheck smtp-auth rejectexecutables
> 2006-04-28 14:29:44.296241500 qmail-smtpd 11562: remote ehlo: linet.dk
> 2006-04-28 14:29:44.307531500 qmail-smtpd 11562: mail from:
> [EMAIL PROTECTED]
> 2006-04-28 14:29:44.307533500 qmail-smtpd 11562: SPF not checked
> 2006-04-28 14:29:44.316910500 qmail-smtpd 11562: rcpt to:
> [EMAIL PROTECTED]
> 2006-04-28 14:29:44.316947500 qmail-smtpd 11562: recipient verify,
> recipient not in goodmailaddr
> 2006-04-28 14:29:44.316951500 qmail-smtpd 11562: recipient verify,
> recipient is local
> 2006-04-28 14:29:44.319131500 init_ldap: control/ldapserver:
> 'ldap.orholm.dk'
> 2006-04-28 14:29:44.319156500 init_ldap: control/ldapbasedn:
> dc=orholm,dc=dk
> 2006-04-28 14:29:44.319159500 init_ldap: control/ldapobjectclass:
> qmailuser
> 2006-04-28 14:29:44.319215500 init_ldap: control/ldaptimeout: 30
> 2006-04-28 14:29:44.319217500 init_ldap: control/ldaprebind: 0
> 2006-04-28 14:29:44.319233500 init_ldap: control/ldapdefaultdotmode:
> dotonly
> 2006-04-28 14:29:44.319249500 init_ldap: control/defaultquotasize: 0
> 2006-04-28 14:29:44.319251500 init_ldap: control/defaultquotacount: 0
> 2006-04-28 14:29:44.319253500 init: control/ldaplocaldelivery: 1
> 2006-04-28 14:29:44.319269500 qmail-verfiy: verifying
> [EMAIL PROTECTED]
> 2006-04-28 14:29:44.319766500 qldap_open: init successful
> 2006-04-28 14:29:44.319794500 qldap_set_option: set referrals successful
> 2006-04-28 14:29:44.320539500 qldap_bind: successful
> 2006-04-28 14:29:44.320572500 ldapfilter:
> '(&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED])))'
> 2006-04-28 14:29:44.321168500 qldap_lookup: search for
> (&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED]))) succeeded
> 2006-04-28 14:29:44.321201500 qldap_lookup: Nothing found
> 2006-04-28 14:29:44.321202500 ldapfilter:
> '(&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED])))'
> 2006-04-28 14:29:44.321741500 qldap_lookup: search for
> (&(objectClass=qmailuser)(|([EMAIL PROTECTED])([EMAIL PROTECTED]))) succeeded
> 2006-04-28 14:29:44.321745500 qldap_lookup: Nothing found
> 2006-04-28 14:29:44.323092500 qmail-smtpd 11562: bad recipient:
> [EMAIL PROTECTED]
> 2006-04-28 14:29:44.323096500 qmail-smtpd 11562: message denied: Sorry,
> no mailbox here by that name. (#5.1.1)
> 2006-04-28 14:29:44.332185500 qmail-smtpd 11562: quit, closing
> connection
> 2006-04-28 14:29:44.332989500 tcpserver: end 11562 status 0
> 2006-04-28 14:29:44.332992500 tcpserver: status: 0/40
> ---
> 
> Hope this helps.
> 
> /Mikkel
> 
> 
> On Wed, 2006-04-26 at 13:56 +0200, Claudio Jeker wrote:
> 
> > On Wed, Apr 26, 2006 at 01:09:15PM +0200, Mikkel Kruse Johnsen wrote:
> > > Hi Claudio
> > > 
> > > I'm using the newest 20060201 patch.
> > > 
> > > /Mikkel
> > > 
> > > Just to verify that I have processed the tcprules, as you can see it
> > > works for non existing users.
> > > 
> > 
> > Can you build a qmail-ldap version with DEBUG and send me the output of
> > qmail-smtpd when run with LOGLEVEL 255 (you only need to replace
> > qmail-verify with a debug version).
> > 
> > > --
> > > 2006-04-26 13:07:00.738381500 tcpserver: pid 31358 from 130.226.47.171
> > > 2006-04-26 13:07:00.738383500 tcpserver: ok 31358
> > > 0:192.38.9.203:25 :130.226.47.171::42908
> > > 2006-04-26 13:07:00.740976500 qmail-smtpd 31358: connection from
> > > 130.226.47.171 (unknown) to 0
> > > 2006-04-26 13:07:00.740981500 qmail-smtpd 31358: enabled options:
> > > sanitycheck returnmxcheck spfbehavior-fail(3) rblcheck rcptcheck
> > > smtp-auth rejectexecutables
> > > 2006-04-26 13:07:00.743433500 qmail-smtpd 31358: remote ehlo:
> > > mail.cbs.dk
> > > 2006-04-26 13:07:00.745881500 qmail-smtpd 31358: mail from:
> > > [EMAIL PROTECTED]
> > > 2006-04-26 13:07:00.753028500 qmail-smtpd 31358: SPF checking comleted
> > > 2006-04-26 13:07:00.914284500 qmail-smtpd 31358: RBL check with
> > > 'sbl.spamhaus.org': no match found, continue.
> > > 2006-04-26 13:07:00.967662500 qmail-smtpd 31358: RBL check with
> > > 'relays.ordb.org': no match found, continue.
> > > 2006-04-26 13:07:01.014700500 qmail-smtpd 31358: RBL check with
> > > 'list.dsbl.org': no match found, continue.
> > > 2006-04-26 13:07:01.062368500 qmail-smtpd 31358: RBL check with
> > > 'bl.spamcop.net': no match found, continue.
> > > 2006-04-26 13:07:01.066974500 qmail-smtpd 31358: RBL check with
> > > 'relays.ordb.org': no match found, continue.
> > > 2006-04-26 13:07:01.197600500 qmail-smtpd 31358: RBL check with
> > > 'spamguard.leadmon.net': no match found, continue.
> > > 2006-04-26 13:07:01.197633500 qmail-smtpd 31358: RBL checking completed
> > > 2006-04-26 13:07:01.258659500 qmail-smtpd 31358: rcpt to:
> > > [EMAIL PROTECTED]
> > > 2006-04-26 13:07:01.258708500 qmail-smtpd 31358: recipient verify,
> > > recipient not in goodmailaddr
> > > 2006-04-26 13:07:01.258735500 qmail-smtpd 31358: recipient verify,
> > > recipient is local
> > > 2006-04-26 13:07:01.288559500 qmail-smtpd 31358: bad recipient:
> > > [EMAIL PROTECTED]
> > > 2006-04-26 13:07:01.288609500 qmail-smtpd 31358: message denied: Sorry,
> > > no mailbox here by that name. (#5.1.1)
> > > 2006-04-26 13:07:01.289293500 qmail-smtpd 31358: 'rcpt to' first
> > > 2006-04-26 13:07:01.462654500 qmail-smtpd 31358: quit, closing
> > > connection
> > > 2006-04-26 13:07:01.463029500 tcpserver: end 31358 status 0
> > > --
> > > 2006-04-26 13:08:29.624461500 tcpserver: pid 31366 from 130.226.47.171
> > > 2006-04-26 13:08:29.624463500 tcpserver: ok 31366
> > > 0:192.38.9.203:25 :130.226.47.171::42924
> > > 2006-04-26 13:08:29.624466500 qmail-smtpd 31366: connection from
> > > 130.226.47.171 (unknown) to 0
> > > 2006-04-26 13:08:29.624469500 qmail-smtpd 31366: enabled options:
> > > sanitycheck returnmxcheck spfbehavior-fail(3) rblcheck rcptcheck
> > > smtp-auth rejectexecutables
> > > 2006-04-26 13:08:29.625531500 qmail-smtpd 31366: remote ehlo:
> > > mail.cbs.dk
> > > 2006-04-26 13:08:29.628063500 qmail-smtpd 31366: mail from:
> > > [EMAIL PROTECTED]
> > > 2006-04-26 13:08:29.635120500 qmail-smtpd 31366: SPF checking comleted
> > > 2006-04-26 13:08:29.640110500 qmail-smtpd 31366: RBL check with
> > > 'sbl.spamhaus.org': no match found, continue.
> > > 2006-04-26 13:08:29.693464500 qmail-smtpd 31366: RBL check with
> > > 'relays.ordb.org': no match found, continue.
> > > 2006-04-26 13:08:29.740485500 qmail-smtpd 31366: RBL check with
> > > 'list.dsbl.org': no match found, continue.
> > > 2006-04-26 13:08:29.775458500 qmail-smtpd 31366: RBL check with
> > > 'bl.spamcop.net': no match found, continue.
> > > 2006-04-26 13:08:29.780042500 qmail-smtpd 31366: RBL check with
> > > 'relays.ordb.org': no match found, continue.
> > > 2006-04-26 13:08:29.784725500 qmail-smtpd 31366: RBL check with
> > > 'spamguard.leadmon.net': no match found, continue.
> > > 2006-04-26 13:08:29.784756500 qmail-smtpd 31366: RBL checking completed
> > > 2006-04-26 13:08:29.811783500 qmail-smtpd 31366: rcpt to:
> > > [EMAIL PROTECTED]
> > > 2006-04-26 13:08:29.811823500 qmail-smtpd 31366: recipient verify,
> > > recipient not in goodmailaddr
> > > 2006-04-26 13:08:29.811850500 qmail-smtpd 31366: recipient verify,
> > > recipient is local
> > > 2006-04-26 13:08:29.850975500 qmail-smtpd 31366: bad recipient:
> > > [EMAIL PROTECTED]
> > > 2006-04-26 13:08:29.851027500 qmail-smtpd 31366: message denied: Sorry,
> > > no mailbox here by that name. (#5.1.1)
> > > 2006-04-26 13:08:29.851717500 qmail-smtpd 31366: 'rcpt to' first
> > > 2006-04-26 13:08:30.037195500 qmail-smtpd 31366: quit, closing
> > > connection
> > > 2006-04-26 13:08:30.037567500 tcpserver: end 31366 status 0
> > > 2006-04-26 13:08:30.037569500 tcpserver: status: 0/40
> > > --
> > > 
> > > 
> > > On Wed, 2006-04-26 at 12:24 +0200, Claudio Jeker wrote:
> > > 
> > > > On Wed, Apr 26, 2006 at 08:59:11AM +0200, Claudio Jeker wrote:
> > > > > On Wed, Apr 26, 2006 at 08:49:27AM +0200, Mikkel Kruse Johnsen wrote:
> > > > > > Hi
> > > > > > 
> > > > > > > I have a problem, have just been pointed out that my qmail ldap is
> > > > > > > a reverse open relay, meaning that sending a mail to a non existing
> > > > > > > user on my domain will result in a bounce to the "mail from:" address
> > > > > > > and that can be faked.
> > > > > > 
> > > > > > So adding "RCPTCHECK" to the environment should do it. 
> > > > > > 
> > > > > >     
> > > > > > :allow,SMTPAUTH="",RETURNMXCHECK="",SANITYCHECK="",RCPTCHECK="",REJECTEXEC="",QHPSI="/usr/bin/clamdscan",QHPSIARG1="--no-summary",LOGLEVEL="4"
> > > > > > 
> > > > > > > That will make the SMTP connection disconnect if the user is not in
> > > > > > > the LDAP.
> > > > > > 
> > > > > > But sending a mail to a valid user with "-something" after like
> > > > > > "[EMAIL PROTECTED]" will get accepted. I have compiled without
> > > > > > DASH_EXT.
> > > > > > 
> > > > > > What could be the problem ?
> > > > > > 
> > > > > 
> > > > > Hmpf. Smells like a bug. I'll have a look at it.
> > > > > 
> > > > 
> > > > I can not reproduce it.
> > > > 
> > > > 250 ok
> > > > rcpt to: <[EMAIL PROTECTED]>
> > > > qmail-smtpd 20924: rcpt to: [EMAIL PROTECTED]
> > > > qmail-smtpd 20924: recipient verify, recipient not in goodmailaddr
> > > > qmail-smtpd 20924: recipient verify, recipient is local
> > > > qmail-smtpd 20924: bad recipient: [EMAIL PROTECTED]
> > > > qmail-smtpd 20924: message denied: Sorry, no mailbox here by that name. 
> > > > (#5.1.1)
> > > > 554 Sorry, no mailbox here by that name. (#5.1.1)
> > > > 
> > > > What version of qmail-ldap are you using?
> > > > 
> > > 
> > > Mikkel Kruse Johnsen
> > > Linet
> > > Ørholmgade 6 st tv
> > > 2200 København N
> > > 
> > > Tlf: +45 2128 7793
> > > email: [EMAIL PROTECTED]
> > > www: http://www.linet.dk
> > 
> 
> Kind regards
> 
> Mikkel Kruse Johnsen
> Linet
> Ørholmgade 6 st. tv
> DK-2200 København N
> Tel: 21287793
> Direct: 21287793
> email: [EMAIL PROTECTED]
> web: http://www.linet.dk
> 
> 



-- 
:wq Claudio
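
Added example, not part of the original thread and not qmail-ldap code: a small log check that separates the three cases shown in the debug output above, flagging recipients that got "recipient verify OK" although every LDAP search for them ended in "Nothing found". The sample log is constructed (unwrapped lines, placeholder addresses and pids), and the parser assumes one connection at a time.

```python
import re

# Constructed sample in the shape of the qmail-verify debug output quoted
# above: unwrapped lines, placeholder addresses/filters, made-up pids.
SAMPLE_LOG = """\
2006-04-28 14:28:45.906 qmail-smtpd 101: rcpt to: user@example.org
2006-04-28 14:28:45.936 qldap_lookup: search for (filter) succeeded
2006-04-28 14:28:45.937 qmail-smtpd 101: recipient verify OK
2006-04-28 14:29:12.114 qmail-smtpd 102: rcpt to: user-ext@example.org
2006-04-28 14:29:12.118 qldap_lookup: search for (filter) succeeded
2006-04-28 14:29:12.118 qldap_lookup: Nothing found
2006-04-28 14:29:12.119 qldap_lookup: search for (filter) succeeded
2006-04-28 14:29:12.119 qldap_lookup: Nothing found
2006-04-28 14:29:12.120 qmail-smtpd 102: recipient verify OK
2006-04-28 14:29:44.316 qmail-smtpd 103: rcpt to: nobody@example.org
2006-04-28 14:29:44.321 qldap_lookup: search for (filter) succeeded
2006-04-28 14:29:44.321 qldap_lookup: Nothing found
2006-04-28 14:29:44.323 qmail-smtpd 103: bad recipient: nobody@example.org
"""

RCPT = re.compile(r"qmail-smtpd (\d+): rcpt to: (\S+)")
VERDICT = re.compile(r"qmail-smtpd (\d+): (recipient verify OK|bad recipient)")

def classify(log_text):
    # Assumption: one connection at a time. The qldap_* lines carry no pid,
    # so they are attributed to the most recent 'rcpt to' line.
    results, cur = [], None
    for line in log_text.splitlines():
        m = RCPT.search(line)
        if m:
            cur = {"pid": m.group(1), "rcpt": m.group(2), "searches": 0, "misses": 0}
        elif cur is None:
            continue
        elif "qldap_lookup: search for" in line:
            cur["searches"] += 1
        elif "qldap_lookup: Nothing found" in line:
            cur["misses"] += 1
        else:
            v = VERDICT.search(line)
            if v and v.group(1) == cur["pid"]:
                if v.group(2) == "bad recipient":
                    outcome = "rejected"
                elif cur["searches"] and cur["misses"] == cur["searches"]:
                    outcome = "accepted-without-ldap-entry"  # local fallback
                else:
                    outcome = "accepted"
                results.append((cur["pid"], cur["rcpt"], outcome))
                cur = None
    return results
```

Recipients reported as accepted-without-ldap-entry are the ones that can later bounce to a forged envelope sender.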
