Created attachment 202938 [details] patch In my maillog, I often observe hosts frequently contacting my sendmail without issuing any reasonable command, like this for example: Mar 17 03:02:04 nuc sm-mta[98005]: x2H21q18098005: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:02:15 nuc sm-mta[98132]: x2H2278J098132: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:02:27 nuc sm-mta[98166]: x2H22JfW098166: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:02:36 nuc sm-mta[98167]: x2H22SXD098167: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:02:44 nuc sm-mta[98168]: x2H22aUN098168: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:02:53 nuc sm-mta[98169]: x2H22if3098169: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:03:01 nuc sm-mta[98170]: x2H22rvQ098170: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:03:09 nuc sm-mta[98176]: x2H231fG098176: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:03:17 nuc sm-mta[98177]: x2H239Q3098177: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 17 03:03:26 nuc sm-mta[98211]: x2H23I3V098211: [221.227.107.69] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 In some cases I have observed hundreds of such connection attempts before giving up. As we have blacklisting in the port, I was thinking to use that for calming down such servers. However it appears this particular logic is not in the blacklisting patch set yet. The attached patch implements this. Admittedly it's kind of hackish as the "did not issue" message is emitted only when sendmail's input file descriptor is already closed, so we cannot use it for hand-over to blacklist() in the same way as it's done for the other blacklist() calls. Therefore I'm dup()ing the input fd early in the command loop for use by blacklist() and close the dup'ed fd later.
A commit references this bug: Author: dinoex Date: Sun Mar 24 20:35:46 UTC 2019 New revision: 496779 URL: https://svnweb.freebsd.org/changeset/ports/496779 Log: - additional blacklisting for frequent useless connections PR: 236605 Submitted by: Helge Oldach Changes: head/mail/sendmail/files/patch-srvrsmtp.c
Do not forget to whitelist your Network Monitoring Systems