Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-566

Fastfail DNSRBL blacklisted messages are rejected even if the sender user is successfully SMTP AUTHenticated

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.3.0
    • Component/s: SMTPServer
    • Labels:
      None

      Description

      A fastfail DNSBRL blacklisted message is rejected even if the sender user is successfully SMTP AUTHenticated.

      Instead in such case the message should be accepted.

      This bug is particularly critical in the scenario in which a blacklist that lists dynamic IP ranges (like "dul.dnsbl.sorbs.net") is being used, and a legitimate and SMTP AUTHenticated mail client roaming user connects from a dynamic IP and tries to send a mail to the James server. He will be rejected in such case.

      BTW, just FYI, statistics on my production server show that using fastfail DNSBRL blacklists and the Bayesian mailet, about 20% of the spam gets rejected by the "dul.dnsbl.sorbs.net" list, 65% by the other James stock configuration lists, and almost all of the remaining 15% is detected (and flagged for inspection) by the Bayesian mailet. Without the "dul.dnsbl.sorbs.net" about 34% is detected and flagged by the Bayesian mailet but has to be manually inspected to avoid false positives, and 1% is undetected. So the dynamic IP criteria is very effective but, to be used, this bug has to be fixed.

        Activity

        Hide
        vincenzo Vincenzo Gianferrari Pini added a comment -

        The problem was in a misleading long boolean expression in RcptCmdHandler, that already gave us a similar problem in the past (in SMTPHandler), when it was used for controlling the logic for outbound mail, a few lines of code down. The code for the latter logic was fixed, but not the blacklist logic.

        Show
        vincenzo Vincenzo Gianferrari Pini added a comment - The problem was in a misleading long boolean expression in RcptCmdHandler, that already gave us a similar problem in the past (in SMTPHandler), when it was used for controlling the logic for outbound mail, a few lines of code down. The code for the latter logic was fixed, but not the blacklist logic.
        Hide
        danny@apache.org Danny Angus added a comment -

        Closing issue fixed in released version.

        Show
        danny@apache.org Danny Angus added a comment - Closing issue fixed in released version.

          People

          • Assignee:
            vincenzo Vincenzo Gianferrari Pini
            Reporter:
            vincenzo Vincenzo Gianferrari Pini
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Due:
              Created:
              Updated:
              Resolved:

              Development