236605 – mail/sendmail: additional blacklisting for frequent useless connections [patch]

Bug 236605 - mail/sendmail: additional blacklisting for frequent useless connections [patch]

Summary: mail/sendmail: additional blacklisting for frequent useless connections [patch]

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Dirk Meyer

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-03-17 17:13 UTC by Helge Oldach
Modified:	2019-03-24 20:38 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	dinoex: maintainer-feedback+

Attachments
patch (1.57 KB, text/plain) 2019-03-17 17:13 UTC, Helge Oldach	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Helge Oldach 2019-03-17 17:13:17 UTC

Created attachment 202938 [details]
patch

In my maillog, I often observe hosts frequently contacting my sendmail without issuing any reasonable command, like this for example:

Mar 17 03:02:04 nuc sm-mta[98005]: x2H21q18098005: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:15 nuc sm-mta[98132]: x2H2278J098132: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:27 nuc sm-mta[98166]: x2H22JfW098166: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:36 nuc sm-mta[98167]: x2H22SXD098167: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:44 nuc sm-mta[98168]: x2H22aUN098168: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:02:53 nuc sm-mta[98169]: x2H22if3098169: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:01 nuc sm-mta[98170]: x2H22rvQ098170: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:09 nuc sm-mta[98176]: x2H231fG098176: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:17 nuc sm-mta[98177]: x2H239Q3098177: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Mar 17 03:03:26 nuc sm-mta[98211]: x2H23I3V098211: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4

In some cases I have observed hundreds of such connection attempts before giving up.

As we have blacklisting in the port, I was thinking to use that for calming down such servers. However it appears this particular logic is not in the blacklisting patch set yet.

The attached patch implements this. Admittedly it's kind of hackish as the "did not issue" message is emitted only when sendmail's input file descriptor is already closed, so we cannot use it for hand-over to blacklist() in the same way as it's done for the other blacklist() calls. Therefore I'm dup()ing the input fd early in the command loop for use by blacklist() and close the dup'ed fd later.

Comment 1 commit-hook freebsd_committer

2019-03-24 20:36:12 UTC

A commit references this bug:

Author: dinoex
Date: Sun Mar 24 20:35:46 UTC 2019
New revision: 496779
URL: https://svnweb.freebsd.org/changeset/ports/496779

Log:
  - additional blacklisting for frequent useless connections
  PR:		236605
  Submitted by:	Helge Oldach

Changes:
  head/mail/sendmail/files/patch-srvrsmtp.c

Comment 2 Dirk Meyer freebsd_committer

2019-03-24 20:38:04 UTC

Do not forget to whitelist your Network Monitoring Systems