[ http://issues.apache.org/jira/browse/JAMES-566?page=all ]

Vincenzo Gianferrari Pini resolved JAMES-566.
---------------------------------------------

    Resolution: Fixed

The problem was in a misleading long boolean expression in RcptCmdHandler, that 
already gave us a similar problem in the past (in SMTPHandler), when it was 
used for controlling the logic for outbound mail, a few lines of code down. The 
code for the latter logic was fixed, but not the blacklist logic.

> Fastfail DNSRBL blacklisted messages are rejected even if the sender user is 
> successfully SMTP AUTHenticated
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: JAMES-566
>                 URL: http://issues.apache.org/jira/browse/JAMES-566
>             Project: James
>          Issue Type: Bug
>          Components: SMTPServer
>    Affects Versions: 2.3.0b2, 2.3.0b1, 2.3.0a3, 2.3.0a2, 2.3.0a1, 2.2.0, 
> 2.3.0b3, 2.3.0, 2.4.0, 3.0
>            Reporter: Vincenzo Gianferrari Pini
>         Assigned To: Vincenzo Gianferrari Pini
>             Fix For: 2.3.0b3, 3.0
>
>
> A fastfail DNSRBL blacklisted message is rejected even if the sender user is 
> successfully SMTP AUTHenticated.
> Instead, in such a case the message should be accepted.
> This bug is particularly critical in the scenario in which a blacklist that 
> lists dynamic IP ranges (like "dul.dnsbl.sorbs.net") is being used, and a 
> legitimate and SMTP AUTHenticated mail client roaming user connects from a 
> dynamic IP and tries to send a mail to the James server. He will be rejected 
> in such a case.
> BTW, just FYI, statistics on my production server show that using fastfail 
> DNSRBL blacklists and the Bayesian mailet, about 20% of the spam gets 
> rejected by the "dul.dnsbl.sorbs.net" list, 65% by the other James stock 
> configuration lists, and almost all of the remaining 15% is detected (and 
> flagged for inspection) by the Bayesian mailet. Without the 
> "dul.dnsbl.sorbs.net" about 34% is detected and flagged by the Bayesian 
> mailet but has to be manually inspected to avoid false positives, and 1% is 
> undetected. So the dynamic IP criterion is very effective but, to be used, 
> this bug has to be fixed.
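
The behaviour the issue asks for, as an added example that is not part of the original message and is not James source code: the authentication test stands on its own ahead of the DNSRBL result instead of being folded into one long boolean expression. Class, method and parameter names are hypothetical; the zone is the one named in the report, and the resolver is a constructed stub over documentation addresses so the code runs offline.

```java
import java.util.List;
import java.util.function.Predicate;

/** Constructed illustration; all names here are hypothetical, not James code. */
public class RcptBlocklistCheck {

    /** DNSRBL query name for an IPv4 address: octets reversed, then the list zone. */
    static String queryName(String ipv4, String zone) {
        String[] o = ipv4.split("\\.");
        if (o.length != 4) {
            throw new IllegalArgumentException("not an IPv4 address: " + ipv4);
        }
        return o[3] + "." + o[2] + "." + o[1] + "." + o[0] + "." + zone;
    }

    /** True if any configured list has a record for the client address. */
    static boolean isListed(String ip, List<String> zones, Predicate<String> resolves) {
        return zones.stream().anyMatch(z -> resolves.test(queryName(ip, z)));
    }

    /**
     * RCPT-time decision. The AUTH check is a separate early return, so a later
     * change to the listing logic cannot silently re-include authenticated users.
     */
    static boolean rejectRcpt(boolean authenticated, String ip,
                              List<String> zones, Predicate<String> resolves) {
        if (authenticated) {
            return false; // SMTP AUTH succeeded: a DNSRBL hit must not reject
        }
        return isListed(ip, zones, resolves);
    }

    public static void main(String[] args) {
        List<String> zones = List.of("dul.dnsbl.sorbs.net");
        // Constructed resolver stub: only 192.0.2.25 is treated as listed.
        Predicate<String> stub = "25.2.0.192.dul.dnsbl.sorbs.net"::equals;

        // Unauthenticated client on a listed address.
        System.out.println(rejectRcpt(false, "192.0.2.25", zones, stub));
        // Authenticated roaming user on the same listed address.
        System.out.println(rejectRcpt(true, "192.0.2.25", zones, stub));
        // Unauthenticated client on an unlisted address.
        System.out.println(rejectRcpt(false, "192.0.2.26", zones, stub));
    }
}
```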
