
Re: Exim, RBL/ORBS, fetchmail and POP3



On Thu, Dec 14, 2000 at 08:23:50PM -0600, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
> 
> > BTW, is it possible to use Exim's RBL/ORBS blackholing with fetchmail
> > _and_ POP3?
> 
> exim's blackholing only works if the messages are delivered direct to your
> computer and not via fetchmail.

Are you absolutely sure? I ask because the fetchmail man page makes it
sound like it can do just that.

> Obviously the answer (to me, at least :) is to detect if the mail message
> was delivered to your ISP via an open relay.

Yes, Exim has rbl functionality. 

OK. Some excerpts from man fetchmail:

>        -Z nnn, --antispam nnn[,nnn[,nnn...]]
>               (Keyword: antispam) Specifies the list  of  numeric
>               SMTP  errors  that are to be interpreted as a spam-
                ^^^^^^^^^^^^

>               block response from the listener.  A  value  of  -1
>               disables this option.  For the command-line option,
>               the list values should be comma-separated.


> SPAM FILTERING
>        Many SMTP listeners allow administrators to set  up  `spam
>        filters'  that  block  unsolicited  email  from  specified
>        domains.  A MAIL FROM or DATA line that triggers this fea­
                     ^^^^^^^^^    ^^^^

This is the part that really widens my eyes. Doing a 'fetchmail -vv >
log' and looking at the output shows what is going on between fetchmail
and my MTA as it downloads my POP3 mail from my ISP. 


> fetchmail: SMTP> MAIL FROM:<bounce-debian-devel=john=unixen.org@lists.debian.org> SIZE=2697

fetchmail sends the MTA the MAIL FROM: line, but this is not what rbl
uses. This is basically the spoofable From: address.

> fetchmail: SMTP< 250 <bounce-debian-devel=john=unixen.org@lists.debian.org>... Sender ok

MTA responds with code 250, all's OK. Deliver. 

> fetchmail: SMTP> RCPT TO:<john@localhost>
> fetchmail: SMTP< 250 <john@localhost>... Recipient ok
> fetchmail: SMTP> DATA
                   ^^^^

But the fetchmail man page also mentions the ``DATA line.''

> fetchmail: SMTP< 354 Enter mail, end with "." on a line by itself

MTA responds to the DATA line with code 354. Here's the question: if
fetchmail can examine on the ``DATA line'' (which I take to mean the
email headers, including the Received: line, and doesn't the rbl use
this line to do a lookup of a spammer?) does that mean that an MTA like
Exim can return an rbl match, generating an error that fetchmail
recognizes, or that we instruct it to recognize via the '-Z nnn' switch.
And therefore DELEs that UCE serverside?!

> fetchmail: SMTP>. (EOM)
> fetchmail: SMTP< 250 HAA00893 Message accepted for delivery
>  flushed
> fetchmail: POP3> DELE 1
> fetchmail: POP3< +OK


>        ture  will  elicit  an SMTP response which (unfortunately)
>        varies according to the listener.

But which can be set if necessary by '-Z nnn', see above.

>        Newer versions of sendmail return an error  code  of  571.
>        This  return  value is blessed by RFC1893 as "Delivery not
>        authorized, message refused".
> 
>        According to current drafts of the replacement for RFC821,
>        the  correct  thing  to  return  in  this situation is 550
>        "Requested action not  taken:  mailbox  unavailable"  (the
>        draft  adds  "[E.g., mailbox not found, no access, or com­
>        mand rejected for policy reasons].").
> 
>        The exim MTA returns 501 "Syntax error  in  parameters  or
>        arguments", but will move to 550 soon.
> 
>        The  fetchmail code recognizes and discards the message on
>        any of a list of responses that  defaults  to  [571,  550,
>        501, 554] but can be set with the `antispam' option.  This
>        is one of the only three circumstance under  which  fetch­
>        mail  ever  discards  mail (the others are the 552 and 553
>        errors  described  below,  and  the  suppression  of  mul­
>        tidropped messages with a message-ID already seen).
> 
>        If fetchmail is fetching from an IMAP server, the antispam
>        response will be detected and the message rejected immedi­
>        ately after the headers have been fetched, without reading
>        the message body.  Thus, you  won't  pay  for  downloading
>        spam message bodies.
> 
>        Mail  that is spam-blocked triggers an RFC1892 bounce mes­
>        sage informing the originator that we do not  accept  mail
>        from it.


> If you search freshmeat.net I think you'll find one program that does so
> (I don't recall what it's called), but I haven't yet found a way to make
> it work nicely with exim's filtering language, which I rely on to filter
> my email.

This fetchmail/MTA/RBL thing seems so natural to me that I can't believe
it hasn't been done, or is being done for POP3 users. 

   John

-- 
John Bacalle
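
Added example, not part of the original message: a small parser for `fetchmail -vv` transcripts in the format quoted above, reporting for each message whether the listener's reply at MAIL FROM or DATA fell in the antispam list from the man page excerpt. The last two sample lines (sender `bulk@relay.example` and the 550 reply text) are constructed, and `classify` is a hypothetical helper name.

```python
import re

# Default antispam list, as quoted from the fetchmail man page in the post.
DEFAULT_ANTISPAM = (571, 550, 501, 554)
SENT = re.compile(r"^fetchmail: SMTP>\s*(\S+)")
REPLY = re.compile(r"^fetchmail: SMTP<\s*(\d{3})\b")
STAGES = {"MAIL": "MAIL FROM", "RCPT": "RCPT TO", "DATA": "DATA", ".": "EOM"}

def classify(log_text, antispam=DEFAULT_ANTISPAM):
    """Return (sender, stage, code, verdict) per message; only MAIL FROM
    and DATA replies count as spam-block, as the man page describes."""
    results, sender, stage = [], None, None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ")          # tolerate mail-quoted transcripts
        sent = SENT.match(line)
        if sent:
            stage = STAGES.get(sent.group(1).upper())
            if stage == "MAIL FROM":
                sender = line.split("FROM:", 1)[1].split()[0]
            continue
        reply = REPLY.match(line)
        if not reply or sender is None:
            continue
        code = int(reply.group(1))
        if stage in ("MAIL FROM", "DATA") and code >= 400:
            verdict = "spam-block" if code in antispam else "other"
        elif stage == "EOM":
            verdict = "accepted" if code == 250 else "other"
        else:
            continue                     # 250/354 mid-transaction: keep going
        results.append((sender, stage, code, verdict))
        sender = None                    # wait for the next MAIL FROM
    return results

# First eight lines: transcript from the post. Last two: constructed rejection.
SAMPLE = "\n".join([
    "fetchmail: SMTP> MAIL FROM:<bounce-debian-devel=john=unixen.org@lists.debian.org> SIZE=2697",
    "fetchmail: SMTP< 250 <bounce-debian-devel=john=unixen.org@lists.debian.org>... Sender ok",
    "fetchmail: SMTP> RCPT TO:<john@localhost>",
    "fetchmail: SMTP< 250 <john@localhost>... Recipient ok",
    "fetchmail: SMTP> DATA",
    'fetchmail: SMTP< 354 Enter mail, end with "." on a line by itself',
    "fetchmail: SMTP>. (EOM)",
    "fetchmail: SMTP< 250 HAA00893 Message accepted for delivery",
    "fetchmail: SMTP> MAIL FROM:<bulk@relay.example> SIZE=5120",
    "fetchmail: SMTP< 550 rejected for policy reasons",
])
if __name__ == "__main__":
    print(*classify(SAMPLE), sep="\n")
```

Passing a different tuple as `antispam` mirrors what `-Z nnn` changes: a rejection code outside the list is reported as `other` rather than `spam-block`.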


