09.24.10
sendmail & postscreen
This is the first time I have seen normal mail servers playing around with pregreets. Usually that is trash software from spammers, but here it is a perfectly decent sendmail. At what is probably a perfectly decent company, “Renaissance Insurance” (renins.com). But no. It seems somebody has the /dev/ass and /dev/hands objects merged after all.
[root@mx2 ~]# grep -ih renins.com /var/log/maillog* | grep postscreen
Sep 24 15:01:01 mx2 postfix/postscreen[29116]: PREGREET 21 after 0.07 from 194.190.22.69: HELO mx2.renins.com??
Sep 23 20:21:57 mx2 postfix/postscreen[16099]: PREGREET 21 after 0.07 from 194.190.22.69: HELO mx2.renins.com??
Sep 23 18:42:09 mx2 postfix/postscreen[16099]: PREGREET 17 after 0.1 from 92.83.120.92: HELO renins.com??
Sep 23 18:45:18 mx2 postfix/postscreen[16099]: PREGREET 17 after 0.1 from 92.83.120.92: HELO renins.com??
Sep 23 18:51:10 mx2 postfix/postscreen[16099]: PREGREET 17 after 0.1 from 92.83.120.92: HELO renins.com??
Sep 23 18:51:18 mx2 postfix/postscreen[16099]: PREGREET 17 after 0.1 from 92.83.120.92: HELO renins.com??
Sep 23 18:51:53 mx2 postfix/postscreen[16099]: PREGREET 17 after 0.1 from 92.83.120.92: HELO renins.com??
Sep 23 18:52:39 mx2 postfix/postscreen[16099]: PREGREET 17 after 0.14 from 92.83.120.92: HELO renins.com??
Sep 24 08:13:17 mx2 postfix/postscreen[86914]: PREGREET 21 after 0.09 from 62.168.227.180: HELO mx7.renins.com??
Curiously, the servers return the same banner, but some of the servers behave normally while others actively violate the RFC.
[root@mx2 ~]# telnet mx1.renins.com 25
Trying 194.190.22.23…
Connected to mx1.renins.com.
Escape character is ‘^]’.
220 mx1.renins.com ESMTP Sendmail 8.13.7/8.14.2; Fri, 24 Sep 2010 15:14:51 +0400
^]
telnet>
telnet> quit
Connection closed.
[root@mx2 ~]# telnet mx2.renins.com 25
Trying 194.190.22.69…
Connected to mx2.renins.com.
Escape character is ‘^]’.
220 mx2.renins.com ESMTP Sendmail 8.13.7/8.14.2; Fri, 24 Sep 2010 15:15:12 +0400
^]
telnet> quit
Connection closed.
Related materials:
http://www.postfix.org/POSTSCREEN_README.html
http://www.rfc-editor.org/rfc/rfc5321.txt
“The communication between the sender and receiver is an
alternating dialogue, controlled by the sender. As such, the
sender issues a command and the receiver responds with a reply.
Unless other arrangements are negotiated through service
extensions, the sender MUST wait for this response before sending
further commands. One important reply is the connection greeting.
Normally, a receiver will send a 220 “Service ready” reply when
the connection is completed. The sender SHOULD wait for this
greeting message before sending any commands.”
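
An added example, not part of the original post and not Postfix code: a simplified Python sketch of the pregreet test behind the log lines above, where the server holds back its 220 greeting for a moment and flags a client that sends a command first. The function names, the 0.5 s wait and the mx.example.test banner are assumptions made for illustration.

```python
import select
import socket

GREET_WAIT = 0.5  # assumed hold-back time in seconds, chosen for this sketch
BANNER = b"220 mx.example.test ESMTP\r\n"  # placeholder host name


def pregreet_check(conn, wait=GREET_WAIT, banner=BANNER):
    """Withhold the 220 greeting for `wait` seconds and watch the socket.

    RFC 5321 says the client SHOULD wait for the greeting, so any bytes
    that arrive inside the window mean the client talked out of turn.
    Returns (verdict, early_bytes).
    """
    readable, _, _ = select.select([conn], [], [], wait)
    if readable:
        data = conn.recv(1024)
        # An empty read means the peer closed before being greeted.
        return ("PREGREET", data) if data else ("HANGUP", b"")
    conn.sendall(banner)  # client stayed silent: greet it normally
    return ("PASS", b"")


def render(data):
    """Format early bytes like the log lines above: non-printables become '?'."""
    text = "".join(chr(b) if 32 <= b < 127 else "?" for b in data)
    return f"PREGREET {len(data)}: {text}"


def demo():
    # Constructed clients on local socket pairs; no network traffic involved.
    results = []
    for early in (b"HELO renins.com\r\n", b""):
        server, client = socket.socketpair()
        if early:
            client.sendall(early)  # impatient client: HELO before the banner
        verdict, data = pregreet_check(server, wait=0.2)
        results.append(render(data) if verdict == "PREGREET" else verdict)
        server.close()
        client.close()
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

"HELO renins.com" followed by CR LF is 17 bytes, which matches the byte count in the PREGREET 17 log lines above, with the two trailing "?" standing in for the non-printable CR and LF.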