From boone@bp6.adlistings.com  Wed May  8 13:21:24 2002
Return-Path: <boone@bp6.adlistings.com>
Received: from bp6.adlistings.com (bp6.adlistings.com [63.121.209.100])
	by hub.freebsd.org (Postfix) with ESMTP id 994B637BA8C
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  8 May 2002 13:19:55 -0700 (PDT)
Received: from bp6.adlistings.com (localhost [127.0.0.1])
	by bp6.adlistings.com (8.12.2/8.11.6) with ESMTP id g48KJmlk010635
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 8 May 2002 15:19:49 -0500 (CDT)
	(envelope-from boone@bp6.adlistings.com)
Received: (from root@localhost)
	by bp6.adlistings.com (8.12.2/8.12.3/Submit) id g48KJmvr010634;
	Wed, 8 May 2002 15:19:48 -0500 (CDT)
Message-Id: <200205082019.g48KJmvr010634@bp6.adlistings.com>
Date: Wed, 8 May 2002 15:19:48 -0500 (CDT)
From: Barry Boone <boone@adlistings.com>
Reply-To: Barry Boone <boone@adlistings.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Sendmail 8.12 - DNS Blackhole list not working
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         37866
>Category:       bin
>Synopsis:       Sendmail 8.12 - DNS Blackhole list not working
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gshapiro
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 08 13:30:01 PDT 2002
>Closed-Date:    Thu May 09 21:53:20 PDT 2002
>Last-Modified:  Thu May 09 21:53:20 PDT 2002
>Originator:     Barry Boone
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
DealHunting.com
>Environment:
System: FreeBSD bp6.adlistings.com 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Apr 2 17:35:42 CST 2002 boone@bp6.adlistings.com:/usr/src/sys/compile/DP i386


>Description:
	When I add a DNS blackhole option to my sendmail.mc and build a sendmail.cf using the freebsd.mc template, the resultant sendmail.cf blocks ALL incoming emails as spam.  This did not happen under 8.11.
>How-To-Repeat:
	Add "FEATURE(dnsbl,`favorite.blackhole.dns.server.com')dnl" to the mc file and rebuild the cf.
>Fix:



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->gshapiro 
Responsible-Changed-By: cjc 
Responsible-Changed-When: Thu May 9 12:11:11 PDT 2002 
Responsible-Changed-Why:  
I have suspicions about this, the fairly recent policy changes of some 
popular blackhole services, but I'm not too sure. Give this to the 
sendmail maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37866 

From: Barry Boone <BarryB@pennnet.com>
To: "'freebsd-gnats-submit@FreeBSD.org'" <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: bin/37866: Sendmail 8.12 - DNS Blackhole list not working
Date: Thu, 9 May 2002 17:57:40 -0500 

 This message is in MIME format. Since your mail reader does not understand
 this format, some or all of this message may not be legible.
 
 ------_=_NextPart_001_01C1F7AC.EBD1B7F0
 Content-Type: text/plain
 
 I would add to this:
  
 If I set bl.spamcop.net as the server on my 4.5-RELEASE box (running
 sendmail 8.11) it works fine.
  
 The same config under 4.5-STABLE (sendmail 8.12) doesn't work, and instead
 blackholes ALL inbound emails.
 
 ------_=_NextPart_001_01C1F7AC.EBD1B7F0
 Content-Type: text/html
 
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <HTML><HEAD>
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
 <TITLE>Message</TITLE>
 
 <META content="MSHTML 6.00.2713.1100" name=GENERATOR></HEAD>
 <BODY>
 <DIV><FONT face=Arial size=2><SPAN class=020415722-09052002>I would add to 
 this:</SPAN></FONT></DIV>
 <DIV><FONT face=Arial size=2><SPAN 
 class=020415722-09052002></SPAN></FONT>&nbsp;</DIV>
 <DIV><FONT face=Arial size=2><SPAN class=020415722-09052002>If I set 
 bl.spamcop.net as the server on my 4.5-RELEASE box (running sendmail 8.11) it 
 works fine.</SPAN></FONT></DIV>
 <DIV><FONT face=Arial size=2><SPAN 
 class=020415722-09052002></SPAN></FONT>&nbsp;</DIV>
 <DIV><FONT face=Arial size=2><SPAN class=020415722-09052002>The same config 
 under 4.5-STABLE (sendmail 8.12) doesn't work, and instead blackholes ALL 
 inbound emails.</SPAN></FONT></DIV></BODY></HTML>
 
 ------_=_NextPart_001_01C1F7AC.EBD1B7F0--
State-Changed-From-To: open->feedback 
State-Changed-By: gshapiro 
State-Changed-When: Thu May 9 20:16:31 PDT 2002 
State-Changed-Why:  
bl.spamcop.net is broken.  When queried for an IPv6 address, it returns 
SERVFAIL: 

> dig aaaa 1.0.0.127.bl.spamcop.net 

; <<>> DiG 8.3 <<>> aaaa 1.0.0.127.bl.spamcop.net 
;; res options: init recurs defnam dnsrch 
;; got answer: 
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4 
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 
;; QUERY SECTION: 
;;      1.0.0.127.bl.spamcop.net, type = AAAA, class = IN 

It should return NODATA in which case sendmail would then query for an A 
record.  We have created a way to work around these broken DNS servers in 
8.12.4.  From cf/README: 

Some DNS based rejection lists cause failures if asked 
for AAAA records. If your sendmail version is compiled 
with IPv6 support (NETINET6) and you experience this 
problem, add 

define(`DNSBL_MAP', `dns -R A') 

before the first use of this feature.  Alternatively you 
can use enhdnsbl instead (see below). 

For the time being, you can use enhdnsbl instead of dnsbl to work around 
the broken DNS server.  See cf/README for information on using enhdnsbl. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=37866 
State-Changed-From-To: feedback->closed 
State-Changed-By: gshapiro 
State-Changed-When: Thu May 9 21:52:42 PDT 2002 
State-Changed-Why:  
Submitter is using enhdnsbl to work around broken nameserver. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37866 
>Unformatted:
