  1. James Server
  2. JAMES-465

Check for valid sender domain in mail from

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.0
    • Component/s: None
    • Labels:
      None

      Description

      I wrote a patch to support checking for a resolvable domain in the sender before accepting "mail from:"

      1. james-config.xml-ignoreRelay.patch
        1 kB
        Norman Maurer
      2. james-config.xml-Resolv.patch
        1 kB
        Norman Maurer
      3. MailCmdHandler-ignoreRelay.patch
        3 kB
        Norman Maurer
      4. MailCmdHandler-Resolv.patch
        4 kB
        Norman Maurer
      5. MailCmdHandler-Resolv-Fixed.patch
        5 kB
        Norman Maurer
      6. MailCmdHandler-Resolv-V2.patch
        5 kB
        Norman Maurer
      7. MailFrom-rfc-fix-all.patch
        2 kB
        Norman Maurer
      8. SMTPServerTest-ignore-relayClient.patch
        3 kB
        Norman Maurer
      9. SMTPServerTest-Resolv.patch
        3 kB
        Norman Maurer
      10. SMTPTestConfiguration-ignore-relayClient.patch
        2 kB
        Norman Maurer
      11. SMTPTestConfiguration-Resolv.patch
        2 kB
        Norman Maurer

        Activity

        norman Norman Maurer added a comment -

        Patch the config to reflect the new feature

        norman Norman Maurer added a comment -

        Patch MailCmdHandler to support the new feature. Also do not add @localhost if no domain is given on mail from

        norman Norman Maurer added a comment -

        Add junit test

        norman Norman Maurer added a comment -

        Add junit test

        norman Norman Maurer added a comment -

        Feature complete

        norman Norman Maurer added a comment -

        Please use this version of patch for MailCmdHandler.

        norman Norman Maurer added a comment -

        After rereading the docs for mfdnschecks I noticed that I checked the wrong DNS entry. I checked for A records but it should check for MX records. I will fix it and add a new patch for the MailCmdHandler.
        All other patches should not be affected.

        bago Stefano Bagnara added a comment -

        Maybe you want to look at the SenderInFakeDomain.java matcher, that already does a similar job.

        norman Norman Maurer added a comment -

        Now the feature does the right tests. But I use org.xbill.DNS.* ... Maybe there is a better solution

        norman Norman Maurer added a comment -

        Maybe you want to mark it as resolved, because you committed it.

        norman Norman Maurer added a comment -

        Some improvements should be made (I'm on the way to finishing them):
        1. mail from domain should not be checked if the connection was made from localhost
        2. Configuration value to ignore clients that are allowed to relay.

        bago Stefano Bagnara added a comment -

        I changed the MailCmdHandler to look up a DNSServer service, removing the dependencies on Xbill.
        In the SMTPServerTest I created a mock DNSServer that only provides results when the host is "james.apache.org".
        Please review/check my patch.

        About your last comment, IMHO, 1 is included in 2. The default configuration is to relay mail from localhost.

        bago Stefano Bagnara added a comment -

        We should document explicitly that the check done is: valid MX record for the domain and not simply resolvable domain name.
        Not all resolvable/valid domains also have valid mx records configured.
        They are 2 different checks.

        norman Norman Maurer added a comment -

        True! Let me post a new patch for this. I will post it in about 30 minutes. We should only check MX. An A record is not necessary for this.

        norman Norman Maurer added a comment -

        Add new config value to ignore relayclients

        norman Norman Maurer added a comment -

        Add new config value to ignore relayclients

        norman Norman Maurer added a comment -

        Please have a look at the patches I posted. I think that would make more sense. The same should be done for the EHLO/HELO check.

        Now the junit tests need to get updated.

        norman Norman Maurer added a comment -

        Update Junit

        norman Norman Maurer added a comment -

        Update Junit.
        Complete

        bago Stefano Bagnara added a comment -

        Applied patches to sender domain validity check.
        We probably should choose a different option than "ignoreRelayClient".

        The only suggestion I can think of now is: "checkAuthClients" with an inverted behaviour (default to false).
        (Both Authentication and AuthenticatedAddresses change the relay behaviour)

        Any other idea?

        norman Norman Maurer added a comment -

        Sounds good to me.

        norman Norman Maurer added a comment -

        After rereading the RFC I noted that if "NO MX record" is found for a domain, a MailServer should try to deliver it to the "A record" of the domain.
        So we should check for an A record too if no MX record was found. If neither is found we can reject it!

        norman Norman Maurer added a comment -

        This patch changes the behavior to that described above.

        norman Norman Maurer added a comment -

        Forgot to post the RFC part:

        The lookup first attempts to locate an MX
        record associated with the name. If a CNAME record is found instead,
        the resulting name is processed as if it were the initial name. If
        no MX records are found, but an A RR is found, the A RR is treated as
        if it was associated with an implicit MX RR, with a preference of 0,
        pointing to that host.

        It's in the RFC:
        http://www.ietf.org/rfc/rfc2821.txt
        5. Address Resolution and Mail Handling

        norman Norman Maurer added a comment -

        This is already done by findMXRecords.
        Sorry
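
The check this thread converges on (MX lookup with A-record fallback per RFC 2821 section 5, skipped for clients allowed to relay unless checkAuthClients is set), as an added Java example that is not James code and not one of the attached patches. The `Resolver` interface, `acceptSender`, the zone data, and the handling of an empty or domain-less sender are assumptions of this example.

```java
import java.util.*;

// Added illustration; not Apache James code. All names here are hypothetical.
public class SenderDomainCheck {

    /** Minimal resolver abstraction so the check runs without network access. */
    interface Resolver {
        List<String> mx(String domain); // MX targets, empty if none
        List<String> a(String domain);  // A record addresses, empty if none
    }

    /** Returns true if the MAIL FROM sender should be accepted. */
    static boolean acceptSender(String sender, boolean relayingAllowed,
                                boolean checkAuthClients, Resolver dns) {
        // Clients allowed to relay are not checked unless checkAuthClients is set.
        if (relayingAllowed && !checkAuthClients) return true;
        // Assumption: the null reverse-path "<>" (bounces) has no domain to check.
        if (sender.isEmpty()) return true;
        int at = sender.lastIndexOf('@');
        // Assumption: with no domain part there is nothing to resolve, so reject
        // instead of silently appending @localhost.
        if (at < 0 || at == sender.length() - 1) return false;
        String domain = sender.substring(at + 1).toLowerCase(Locale.ROOT);
        // RFC 2821 section 5: try MX first, then treat an A record as an implicit MX.
        if (!dns.mx(domain).isEmpty()) return true;
        return !dns.a(domain).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed zone data for the demonstration.
        Map<String, List<String>> mxZone = new HashMap<>();
        Map<String, List<String>> aZone = new HashMap<>();
        mxZone.put("james.apache.org", Arrays.asList("mail.james.apache.org"));
        aZone.put("a-only.example", Arrays.asList("192.0.2.10"));
        Resolver dns = new Resolver() {
            public List<String> mx(String d) { return mxZone.getOrDefault(d, Collections.emptyList()); }
            public List<String> a(String d) { return aZone.getOrDefault(d, Collections.emptyList()); }
        };
        String[] senders = {"user@james.apache.org", "user@a-only.example",
                            "user@nodns.invalid", "user", ""};
        for (String s : senders) {
            System.out.println("<" + s + "> from untrusted client: "
                + (acceptSender(s, false, false, dns) ? "accept" : "reject"));
        }
        // A client that is allowed to relay bypasses the check by default.
        System.out.println("<user@nodns.invalid> from relay client: "
            + (acceptSender("user@nodns.invalid", true, false, dns) ? "accept" : "reject"));
    }
}
```

The A-only domain is accepted because of the implicit-MX rule; only the domain with neither record type, and the sender with no domain at all, are rejected for an untrusted client.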

        danny@apache.org Danny Angus added a comment -

        Closing issue fixed in released version.


          People

          • Assignee:
            bago Stefano Bagnara
            Reporter:
            norman Norman Maurer