You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Vincenzo Gianferrari Pini (JIRA)" <se...@james.apache.org> on 2006/07/14 13:48:14 UTC

[jira] Resolved: (JAMES-566) Fastfail DNSRBL blacklisted messages are rejected even if the sender user is successfully SMTP AUTHenticated

     [ http://issues.apache.org/jira/browse/JAMES-566?page=all ]

Vincenzo Gianferrari Pini resolved JAMES-566.
---------------------------------------------

    Resolution: Fixed

The problem was in a misleading long boolean expression in RcptCmdHandler, that already gave us a similar problem in the past (in SMTPHandler), when it was used for controlling the logic for outbound mail, a few lines of code down. The code for the latter logic was fixed, but not the blacklist logic.

> Fastfail DNSRBL blacklisted messages are rejected even if the sender user is successfully SMTP AUTHenticated
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: JAMES-566
>                 URL: http://issues.apache.org/jira/browse/JAMES-566
>             Project: James
>          Issue Type: Bug
>          Components: SMTPServer
>    Affects Versions: 2.3.0b2, 2.3.0b1, 2.3.0a3, 2.3.0a2, 2.3.0a1, 2.2.0, 2.3.0b3, 2.3.0, 2.4.0, 3.0
>            Reporter: Vincenzo Gianferrari Pini
>         Assigned To: Vincenzo Gianferrari Pini
>             Fix For: 2.3.0b3, 3.0
>
>
> A fastfail DNSBRL blacklisted message is rejected even if the sender user is successfully SMTP AUTHenticated.
> Instead in such case the message should be accepted.
> This bug is particularly critical in the scenario in which a blacklist that lists dynamic IP ranges (like "dul.dnsbl.sorbs.net") is being used, and a legitimate and SMTP AUTHenticated mail client roaming user connects from a dynamic IP and tries to send a mail to the James server. He will be rejected in such case.
> BTW, just FYI, statistics on my production server show that using fastfail DNSBRL blacklists and the Bayesian mailet, about 20% of the spam gets rejected by the "dul.dnsbl.sorbs.net" list, 65% by the other James stock configuration lists, and almost all of the remaining 15% is detected (and flagged for inspection) by the Bayesian mailet. Without the "dul.dnsbl.sorbs.net" about 34% is detected and flagged by the Bayesian mailet but has to be manually inspected to avoid false positives, and 1% is undetected. So the dynamic IP criteria is very effective but, to be used, this bug has to be fixed.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org