0000273: SMTP SASL authentication gets overridden by RBLs - MantisBT
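ID: 0000273
Project: Endian Firewall
Category: GUI
View Status: public
Date Submitted: 2007-10-17 15:03
Last Update: 2011-04-21 13:18
Reporter: wolfS
Assigned To: peter-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: feedback
Resolution: reopened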
2.1.2 
2.2-beta1 
0000273: SMTP SASL authentication gets overridden by RBLs
When SASL authentication is turned on (IMAP Server for SMTP authentication on Advanced Tab) the daemon runs and authenticates remote clients properly.
Nevertheless the connection gets rejected due to e.g. a DUL RBL.

Postfix main.cf should have permit_sasl_authenticated before the RBL entries:
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,
    permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net
Change /usr/local/bin/restartsmtpd.py
diff restartsmtpd.py restartsmtpd.py.ORG
200,203d199
< # (WDS) SASL Auth check will be enabled, allow authenticated clients:
< if config_values.has_key('smtpd_imap_auth_enabled') and config_values.has_key('imap_auth_server') and config_values['smtpd_imap_auth_enabled'] == '1':
< config_values['smtpd_client_restrictions'] += ", permit_sasl_authenticated"
<
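Review bot: The `+=` on `config_values['smtpd_client_restrictions']` appends to whatever the string already holds, so this only has the intended effect if these lines run before the reject_rbl_client entries are added; Postfix evaluates the list left to right and stops at the first matching restriction. The hunk does not show where the RBL entries are appended, so a comment stating that ordering requirement, or building the whole list in one place, would make the dependency explicit. The condition also tests `imap_auth_server` only for presence with has_key, not for a non-empty value.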
No tags attached.
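Added example (not part of the original report and not Endian's code): a check for the ordering described in the issue, which parses main.cf-style text and lists the reject_rbl_client zones that Postfix would evaluate before permit_sasl_authenticated. The two sample configurations and the function names read_param and rbl_before_sasl are constructed for illustration.

```python
import re

# Constructed sample main.cf fragments (not taken from a real Endian install).
BROKEN = """\
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,
    reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net,
    permit_sasl_authenticated
"""
FIXED = """\
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,
    permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net
"""

def read_param(main_cf, name):
    """Return the tokens of one main.cf parameter, joining continuation lines."""
    logical, value = [], None
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines never end a value
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()   # leading whitespace continues the previous line
        else:
            logical.append(line.strip())
    for entry in logical:
        key, sep, rest = entry.partition("=")
        if sep and key.strip() == name:
            value = rest                  # last definition wins, as in Postfix
    return re.split(r"[,\s]+", value.strip()) if value and value.strip() else []

def rbl_before_sasl(main_cf, name="smtpd_client_restrictions"):
    """List the DNSBL zones that are evaluated before permit_sasl_authenticated."""
    tokens = read_param(main_cf, name)
    early = []
    for i, tok in enumerate(tokens):
        if tok == "permit_sasl_authenticated":
            return early                  # later entries are not reached by authenticated clients
        if tok == "reject_rbl_client" and i + 1 < len(tokens):
            early.append(tokens[i + 1])
    return early                          # no permit at all: every RBL applies to authenticated clients

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, rbl_before_sasl(cfg) or "OK")
```

An empty result means no RBL lookup in this parameter can reject a client that has already authenticated; it says nothing about other restriction lists or about content-filter scoring.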
Issue History
2007-10-17 15:03 | wolfS | New Issue
2007-10-17 15:34 | peter-endian | Status | new => resolved
2007-10-17 15:34 | peter-endian | Resolution | open => fixed
2007-10-17 15:34 | peter-endian | Assigned To | => peter-endian
2007-10-17 15:34 | peter-endian | Note Added: 0000534
2007-10-27 17:14 | peter-endian | Status | resolved => closed
2007-10-27 17:14 | peter-endian | Fixed in Version | => 2.2
2011-04-05 14:18 | jzdrzalek | Note Added: 0006079
2011-04-05 14:18 | jzdrzalek | Status | closed => feedback
2011-04-05 14:18 | jzdrzalek | Resolution | fixed => reopened
2011-04-21 12:36 | ardit-endian | Note Added: 0006143
2011-04-21 13:18 | jzdrzalek | Note Added: 0006144

Notes
(0000534) peter-endian, 2007-10-17 15:34
This makes sense. I added it.
Thank you very much!
(0006079) jzdrzalek, 2011-04-05 14:18
I have a similar issue on Endian Firewall Appliance release 2.4-0 (Deployset #0), fully patched. When accessing the SMTP service from outside, clients get classified as SPAM.
Most of the score is due to the firewall ignoring the authenticated client.
I also took a look into main.cf. There is no statement about exemptions for SASL authenticated clients.

Pkte Regelname Beschreibung
---- ---------------------- --------------------------------------------------
 0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
 0.2 MULTIPART_ALTERNATIVE Multipart/Alternative
 2.0 RCVD_NONFQDN_HELO Received: a non FQDN HELO
 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
                            [95.118.55.238 listed in zen.spamhaus.org]
 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
                            [95.118.55.238 listed in bb.barracudacentral.org]
 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [95.118.55.238 listed in bl.score.senderscore.com]
 0.0 HTML_MESSAGE BODY: Nachricht enthält HTML
 0.8 BAYES_50 BODY: Spamwahrscheinlichkeit nach Bayes-Test: 40-60%
                            [score: 0.4025]
 0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly
 1.5 RDNS_DYNAMIC3 Delivered to trusted network by host with
                            dynamic-looking rDNS
 2.8 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
-0.3 AWL AWL: From: address is in the auto white-list
(0006143) ardit-endian, 2011-04-21 12:36
Hi jzdrzalek,
in your case you should play with whitelist rules and RBL, as the mails are *always* checked for spam. It happens many times that an internal PC (let's say on green) is infected by a virus and begins spamming from inside, so if this is the case from inside, then of course for outside the security is more restrictive.
(0006144) jzdrzalek, 2011-04-21 13:18
Yes, that's true, but it's not the point.

Most of the SPAM score is due to the sender submitting mail from an unauthorized IP address. RBL checks in that case don't make sense, and neither do HELO NON FQDN and OUTLOOK TO MX. All this is related to valid MTAs, but not to user agents that are authenticated and authorized to submit email via the efw smtp proxy.

Please review the scores above.

Whitelisting is in my opinion not the right solution. By whitelisting a sender, one opens a door for faked sender addresses. This is commonly used by spammers: from is the same as to.

Thank you