[volunteers] Renewal reminder mails from joker.com

Rick Moen rick at linuxmafia.com
Tue Aug 2 01:29:11 PDT 2016


Quoting Marc MERLIN (marc_news at merlins.org):

> But without looking, exim thinks svlug.org is not a local domain so it
> refuses to relay for it.
> You can probably add it to 
> /etc/mail/domains/localdomains or somesuch

Aha! 

  lists:/etc/mail/domains# cat localdomains
  # Domains that are accepted locally

  svlug.net
  lists.svlug.net
  svlug.com
  lists.svlug.com
  lists:/etc/mail/domains# 

Huh, you're right.  Added svlug.org to that.


[rick at linuxmafia]
~ $ telnet lists.svlug.org 25
Trying 71.19.144.13...
Connected to lists.svlug.org.
Escape character is '^]'.
220 mail.svlug.org ESMTP Exim 4.44 #1 Tue, 02 Aug 2016 01:24:07 -0700 -
mm9
HELO joker.com
250 mail.svlug.org Hello linuxmafia.com [198.144.195.186]
MAIL FROM: <joker-bounce at joker.com>
250 OK
RCPT TO: <president at svlug.org>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: bogus at joker.com
To: president at svlug.org
Subject: test message

This is a test.
.
250 OK id=1bUV1f-0004Jm-59
quit
221 mail.svlug.org closing connection
Connection closed by foreign host.
[rick at linuxmafia]
~ $ 

And we are fixed!  (It landed in the Mailman admin queue.)

Thank you, sir.

-- 
Cheers,                           « Dans les champs de l'observation, le hasard
Rick Moen                         ne favorise que les esprits préparé. »
rick at linuxmafia.com                                           -- Louis Pasteur
McQ! (4x80)





> This likely broke because the hostname probably isn't svlug.svlug.org so
> svlug.org isn't a default domain anymore
> (totally guessing since I can't look)
> 
> Marc
>  
> > svlug.org was due to expire on Aug. 6th.  As mentioned, I was on the
> > ball and renewed it.  Joker.com's renewal reminders were supposed to go to
> > 'president at svlug.org', which resolves locally to this mailing list.  We
> > didn't get them.
> > 
> > 
> > NOTE:  Never rely on reminder e-mails.  As if that weren't obvious.
> > 
> > 
> > On lists.svlug.org, in the chroot, in /var/log/exim4/rejectlog, one
> > sees:
> > 
> > 2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58759 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required
> > 2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58761 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required
> > 
> > Earlier, in rejectlog.6.gz, we see:
> > 
> > 2016-07-27 03:50:40 H=mailout1.joker.csl.de [194.245.148.146]:36968 I=[71.19.144.13]:25 F=<donotreplyerrp-president=svlug.org at bounce.joker.com> rejected RCPT <president at svlug.org>: authentication required
> > 
> > 
> > mainlog has:
> > 
> > 
> > 2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58759 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required
> > 2016-08-01 17:22:04 H=mailout1.joker.csl.de [194.245.148.146]:58761 I=[71.19.144.13]:25 F=<joker-bounce at joker.com> rejected RCPT <president at svlug.org>: authentication required
> > 
> > 
> > Can be verified manually:
> > 
> > 
> > [rick at linuxmafia] 
> > ~ $ telnet lists.svlug.org 25
> > Trying 71.19.144.13...
> > Connected to lists.svlug.org.
> > Escape character is '^]'.
> > 220 mail.svlug.org ESMTP Exim 4.44 #1 Mon, 01 Aug 2016 17:43:51 -0700 - mm9
> > HELO joker.com
> > 250 mail.svlug.org Hello linuxmafia.com [198.144.195.186]
> > MAIL FROM: <joker-bounce at joker.com>
> > 250 OK
> > RCPT TO: <president at svlug.org>
> > 550 authentication required
> > quit
> > 221 mail.svlug.org closing connection
> > Connection closed by foreign host.
> > [rick at linuxmafia]
> > ~ $ 
> > 
> > 
> > The 'authentication required' SMTP 550 refusal is somewhat generic.  The
> > receiving MTA is basically just saying it doesn't like the claimed
> > sender and isn't really saying why.
> > 
> > 
> > As a scattershot (because I haven't taken the time to dig deeper), I've
> > tried adding the sending MTA's IP or hostname (as appropriate) to a
> > bunch of the Exim ACL files in /etc/exim4/acls, but made no improvement.
> > (I just backed out those additions, as they didn't help.)
> > 
> > 
> > The check in question appears to be:
> > 
> > lists:/etc/exim4/acls# cd ..
> > lists:/etc/exim4# grep -r 'authentication required' *
> > conf.d/acl/29_check_rcpt_end:          message	= authentication required
> > lists:/etc/exim4# 
> > 
> > 
> > That rules file contains:
> > 
> >   # Accept if the address is in a local domain, but only if the recipient can
> >   # be verified. Otherwise deny. The "endpass" line is the border between
> >   # passing on to the next ACL statement (if tests above it fail) or denying
> >   # access (if tests below it fail).
> >   accept  domains       = +local_domains
> >           endpass
> >           message       = unknown user
> >           verify        = recipient
> > 
> >   # Accept if the address is in a domain for which we are relaying, but again,
> >   # only if the recipient can be verified (this saves your secondary
> >   # MXes from accepting mail that they then can't send to your primary
> >   # MX)
> >   accept  domains       = +relay_to_domains
> >           endpass
> >           message       = unrouteable address
> >           verify        = recipient/callout=30s/callout_defer_ok
> > 
> >   # If control reaches this point, the domain is neither in +local_domains
> >   # nor in +relay_to_domains.
> > 
> >   # Accept if the message comes from one of the hosts for which we are an
> >   # outgoing relay. Recipient verification is omitted here, because in many
> >   # cases the clients are dumb MUAs that don't cope well with SMTP error
> >   # responses. If you are actually relaying out from MTAs, you should probably
> >   # add recipient verification here.
> >   accept  hosts         = +localadds:+relay_from_hosts
> >           verify        = recipient
> > 
> > 
> >   accept  hosts         = +auth_relay_hosts
> >           endpass
> >           message       = authentication required
> >           authenticated = *
> > 
> >   warn    message       = X-Broken-Reverse-DNS: no host name found for IP addres
> > s $sender_host_address
> >          !verify        = reverse_host_lookup
> > 
> > 
> >   # Reaching the end of the ACL causes a "deny", but we might as well give
> >   # an explicit message.
> >   deny    message       = relay not permitted
> >           delay         = TEERGRUBE
> > 
> 
> -- 
> "A mouse is a device used to point at the xterm you want to type in" - A.S.R.
> Microsoft is to operating systems ....
>                                       .... what McDonalds is to gourmet cooking
> Home page: http://marc.merlins.org/                         | PGP 1024R/763BE901



More information about the volunteers mailing list