0000273: SMTP SASL authentication gets overridden by RBLs - MantisBT Endian Bugtracker
ID: 0000273
Project: Endian Firewall
Category: GUI
View Status: public
Date Submitted: 2007-10-17 15:03
Last Update: 2011-04-21 13:18
Reporter: wolfS
Assigned To: peter-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: feedback
Resolution: reopened
Product Version: 2.1.2
Fixed in Version: 2.2-beta1
Summary: 0000273: SMTP SASL authentication gets overridden by RBLs
Description: When SASL authentication is turned on (IMAP Server for SMTP authentication on Advanced Tab) the daemon runs and authenticates remote clients properly.
Nevertheless the connection gets rejected due to e.g. a DUL RBL.

Postfix main.cf should have permit_sasl_authenticated before the RBL entries:
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,
    permit_sasl_authenticated,reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net
Additional Information: Change /usr/local/bin/restartsmtpd.py
diff restartsmtpd.py restartsmtpd.py.ORG
200,203d199
< # (WDS) SASL Auth check will be enabled, allow authenticated clients:
< if config_values.has_key('smtpd_imap_auth_enabled') and config_values.has_key('imap_auth_server') and config_values['smtpd_imap_auth_enabled'] == '1':
< config_values['smtpd_client_restrictions'] += ", permit_sasl_authenticated"
<
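Review bot: the `+=` on the third line of this hunk only places permit_sasl_authenticated ahead of the RBL checks if the reject_rbl_client entries are appended to config_values['smtpd_client_restrictions'] later in the script; if they are already in the string at this point, the permit lands after them and authenticated clients are still rejected, so the ordering should be confirmed or the permit inserted explicitly before the first reject_rbl_client. The condition also checks only that 'imap_auth_server' is present, not that it is non-empty, and the `+=` assumes 'smtpd_client_restrictions' is already set. The diff was taken as `diff restartsmtpd.py restartsmtpd.py.ORG`, so the added lines appear as `<` deletions; a unified diff from the .ORG file to the changed file would be easier to read and apply.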
Tags: No tags attached.
-  Notes
(0000534)
peter-endian (administrator)
2007-10-17 15:34

This makes sense. I added it.
Thank you very much!
(0006079)
jzdrzalek (reporter)
2011-04-05 14:18

I have a similar issue on Endian Firewall Appliance release 2.4-0 (Deployset #0), fully patched. When accessing the SMTP service from outside, clients get classified as SPAM.
Most of the score is due to the firewall ignoring the authenticated client.
I also took a look into main.cf. There is no statement about exemptions for
SASL authenticated clients.

Pkte Regelname Beschreibung
---- ---------------------- --------------------------------------------------
 0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
 0.2 MULTIPART_ALTERNATIVE Multipart/Alternative
 2.0 RCVD_NONFQDN_HELO Received: a non FQDN HELO
 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
                            [95.118.55.238 listed in zen.spamhaus.org]
 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
                            [95.118.55.238 listed in bb.barracudacentral.org]
 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [95.118.55.238 listed in bl.score.senderscore.com]
 0.0 HTML_MESSAGE BODY: Nachricht enthält HTML
 0.8 BAYES_50 BODY: Spamwahrscheinlichkeit nach Bayes-Test: 40-60%
                            [score: 0.4025]
 0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly
 1.5 RDNS_DYNAMIC3 Delivered to trusted network by host with
                            dynamic-looking rDNS
 2.8 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
-0.3 AWL AWL: From: address is in the auto white-list
(0006143)
ardit-endian (developer)
2011-04-21 12:36

Hi jzdrzalek,
In your case you should play with whitelist rules and RBL, as the mails are *always* checked for spam. It happens many times that an internal PC (let's say on green) is infected by a virus and begins spamming from inside, so if this is the case from inside, then of course for outside the security is more restrictive.
(0006144)
jzdrzalek (reporter)
2011-04-21 13:18

Yes, that's true, but that's not the point.

Most of the SPAM score is due to the sender submitting mail from an unauthorized IP address. RBL checks in that case don't make sense, and neither do HELO NON FQDN and OUTLOOK TO MX. All of this relates to valid MTAs, but not to user agents that are authenticated and authorized to submit email via the efw SMTP proxy.

Please review the scores above.

Whitelisting is, in my opinion, not the right solution. By whitelisting a sender one opens a door for faked sender addresses. This is commonly used by spammers: From is the same as To.

Thank you
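
The ordering requirement from the issue description (permit_sasl_authenticated ahead of the reject_rbl_client entries), as an added example that is not part of the original thread or Endian's code: a small checker that reads main.cf text and lists the RBL zones an authenticated client would still be tested against. The function names and both sample configurations are constructed for illustration.

```python
import re

def parse_main_cf(text):
    """Parse Postfix main.cf text into {parameter: value}.

    Lines starting with whitespace continue the previous logical line;
    blank lines and '#' comment lines are skipped; later settings win.
    """
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current:
                params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def rbls_before_sasl_permit(main_cf_text, param="smtpd_client_restrictions"):
    """Return the RBL zones evaluated before permit_sasl_authenticated.

    Restrictions are applied in order and the first match decides, so every
    zone returned here can still reject a client that authenticated.
    If the permit is missing, all configured zones are returned.
    """
    value = parse_main_cf(main_cf_text).get(param, "")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    exposed = []
    for i, tok in enumerate(tokens):
        if tok == "permit_sasl_authenticated":
            break  # nothing after this point in the list applies to SASL users
        if tok == "reject_rbl_client" and i + 1 < len(tokens):
            exposed.append(tokens[i + 1])
    return exposed

# Constructed sample: the ordering the reporter asks for.
GOOD = """smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,
    permit_sasl_authenticated,reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net
"""
# Constructed sample: permit appended after the RBL entries, so it has no effect.
BAD = """smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_rules,
    reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net,
    permit_sasl_authenticated
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, rbls_before_sasl_permit(cfg) or "no RBL ahead of the SASL permit")
```

This checks only the Postfix restriction list; the RBL points in the score report quoted in note 0006079 come from content scoring, which it does not inspect.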

- Issue History
Date Modified Username Field Change
2007-10-17 15:03 wolfS New Issue
2007-10-17 15:34 peter-endian Status new => resolved
2007-10-17 15:34 peter-endian Resolution open => fixed
2007-10-17 15:34 peter-endian Assigned To => peter-endian
2007-10-17 15:34 peter-endian Note Added: 0000534
2007-10-27 17:14 peter-endian Status resolved => closed
2007-10-27 17:14 peter-endian Fixed in Version => 2.2
2011-04-05 14:18 jzdrzalek Note Added: 0006079
2011-04-05 14:18 jzdrzalek Status closed => feedback
2011-04-05 14:18 jzdrzalek Resolution fixed => reopened
2011-04-21 12:36 ardit-endian Note Added: 0006143
2011-04-21 13:18 jzdrzalek Note Added: 0006144
