Authenticating users

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Tue May 24 16:38:59 IST 2005


Mike wrote:
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
>> On Behalf Of Kevin Miller
>>
>> Original (>) lines mine, Mike's reply below.  So if my premise is
>> wrong, how might I go about troubleshooting this?  Running on SuSE
>> 9.3, sendmail
>> 8.13.something...
>
> First of all, there seem to be more Mikes on this list. The mail
> you're referring to was written by me. Mike Kercher also replied to
> this thread, which makes it kind of confusing which Mike said what...

Yeah, Mike Kercher and I figured that out off line pretty fast.  That's what
I love about this group - everybody's so willing to help!


> Anyway, the reason why milter-sender fails for your site, has, IMHO,
> nothing to do with Exchange version whatever. If I look up the MX
> records for your host, this is what I get:

I agree - I was confused by that but Drew Marshall, et al. cleared that up
for me.

> # host -t mx ci.juneau.ak.us
> ci.juneau.ak.us mail is handled by 10 mxg.ci.juneau.ak.us.
> ci.juneau.ak.us mail is handled by 15 mail3.ci.juneau.ak.us.
> ci.juneau.ak.us mail is handled by 20 mxl.ci.juneau.ak.us.

Which is reality.


> When I telnet the SMTP port on the mail server with the highest
> priority (mxg.ci.juneau.ak.us) something goes wrong:
>
> # telnet mxg.ci.juneau.ak.us 25
> Trying 199.58.52.9...
> Connected to mxg.ci.juneau.ak.us.
> Escape character is '^]'.
> 220 ************************************************************0*********2******200**22********0*00

Yes.  We can thank Cisco for that.  That's what a PIX does to obfuscate the
mail server.  I guess the assumption is that it's harder to exploit a
particular version of software if you don't know what version/brand it is.
On the inside I get normal headers.  It's never caused a problem (that I'm
aware of anyway) before.


> However, if I telnet any of the other mail hosts (priority 15 and 20)
> a normal reply is received:
>
> # telnet mail3.ci.juneau.ak.us 25
> Trying 24.237.22.213...
> Connected to mail3.ci.juneau.ak.us.
> Escape character is '^]'.
> 220 mail3.ci.juneau.ak.us ESMTP Sendmail 8.12.10/8.12.3/SuSE Linux
> 0.6; Mon, 23 May 2005 22:56:48 -0800
>
> # telnet mxl.ci.juneau.ak.us 25
> Trying 204.238.24.183...
> Connected to mxl.ci.juneau.ak.us.
> Escape character is '^]'.
> 220 mxl.ci.juneau.ak.us ESMTP Sendmail 8.12.3/8.12.3/SuSE Linux 0.6;
> Mon, 23 May 2005 22:56:04 -0800

Those access the internet via different routes so don't get hosed.


> My guess is that there's a problem with mxg.ci.juneau.ak.us and if
> you resolve that problem (or remove that host from the MX records
> altogether), milter-sender's CallBack will function as expected.
> Apparently it does not try another MX host when a problem like yours
> occurs. Note however that this is the first time I've seen this kind
> of problem with milter-sender though!

Well, the problem's not with mxg, but with what the PIX does.  I suspect
you'll see similar issues at other PIX secured sites.  It's a fairly common
firewall.  I'll have to Google for the pros/cons/howto to think about
turning it off here.  It may or may not be a problem at your end to lose
mail due to hitting a PIX.  This is the first time I've gotten a 451 back
but if more and more folks start using milter-sender it may be an issue for
me.  Depending on the user here, I may or may not hear about it.  They're so
funny.  They'll get a problem and suffer in silence so as not to 'bug' us.
We tell 'em to bug us or we never know something's broken but you never know
if they will or not.  LOL.

Do the failures turn up in the logs at your side?  Can you tell if a failure
is a false positive?  I'm interested in looking into milter-sender, but
don't want to increase my FP rate in the process of getting rid of a bit
more spam...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
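
A triage sketch for the situation in this thread, added here as an example and not part of either poster's message or of milter-sender: it parses each MX host's SMTP greeting, flags the asterisk-masked form shown above, and returns the first host in MX order whose banner is readable. The sample greetings, the function names and the masking heuristic (only `*`, `0` and `2` survive) are assumptions modelled on the quoted telnet output.

```python
import re

# Constructed sample input modelled on the telnet output quoted in the thread.
MX_RECORDS = [(20, "mxl.ci.juneau.ak.us"), (10, "mxg.ci.juneau.ak.us"),
              (15, "mail3.ci.juneau.ak.us")]
GREETINGS = {
    "mxg.ci.juneau.ak.us": "220 " + "*" * 40 + "0****2***200**22****0*00\r\n",
    "mail3.ci.juneau.ak.us": "220 mail3.ci.juneau.ak.us ESMTP Sendmail 8.12.10/8.12.3/"
                             "SuSE Linux 0.6; Mon, 23 May 2005 22:56:48 -0800\r\n",
    "mxl.ci.juneau.ak.us": "220 mxl.ci.juneau.ak.us ESMTP Sendmail 8.12.3/8.12.3/"
                           "SuSE Linux 0.6; Mon, 23 May 2005 22:56:04 -0800\r\n",
}
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_greeting(raw):
    """Return (code, text) from a single- or multi-line SMTP reply, else (None, '')."""
    code, parts = None, []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        m = REPLY_LINE.match(line)
        if not m or (code is not None and m.group(1) != code):
            return None, ""            # not a well-formed SMTP reply
        code = m.group(1)
        parts.append(m.group(3) or "")
        if m.group(2) != "-":          # "NNN text" (or a bare "NNN") ends the reply
            break
    return (int(code), " ".join(p for p in parts if p)) if code else (None, "")

def classify(text):
    """Heuristic: 'masked' when the banner is mostly '*' with only '0'/'2' left."""
    body = text.replace(" ", "")
    if body and set(body) <= set("*02") and body.count("*") * 2 > len(body):
        return "masked"
    return "readable" if "." in text.split(" ", 1)[0] else "unknown"

def survey(mx_records, greetings):
    """Rows of (priority, host, code, kind), lowest preference number first."""
    rows = []
    for prio, host in sorted(mx_records):
        code, text = parse_greeting(greetings.get(host, ""))
        rows.append((prio, host, code, classify(text) if code == 220 else "no-220"))
    return rows

def first_readable(rows):
    """First MX, in priority order, whose 220 greeting names the server."""
    return next((host for _, host, _, kind in rows if kind == "readable"), None)

if __name__ == "__main__":
    for row in survey(MX_RECORDS, GREETINGS):
        print(row)
```
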
