From tamaru@ap.t.u-tokyo.ac.jp  Sat Mar 14 03:14:49 1998
Received: from gin.myn.t.u-tokyo.ac.jp (gin.myn.t.u-tokyo.ac.jp [133.11.68.125])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA20888
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 14 Mar 1998 03:14:47 -0800 (PST)
          (envelope-from tamaru@ap.t.u-tokyo.ac.jp)
Received: (for delivery from tamaru@localhost) by gin.myn.t.u-tokyo.ac.jp (8.8.8/8.6.12) id UAA12831; Sat, 14 Mar 1998 20:14:45 +0900 (JST)
Message-Id: <199803141114.UAA12831@gin.myn.t.u-tokyo.ac.jp>
Date: Sat, 14 Mar 1998 20:14:45 +0900 (JST)
From: Hiroharu Tamaru <tamaru@ap.t.u-tokyo.ac.jp>
Reply-To: tamaru@ap.t.u-tokyo.ac.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: /etc/mail/sendmail.cf.addtions seems to leak.
X-Send-Pr-Version: 3.2

>Number:         6002
>Category:       conf
>Synopsis:       /etc/mail/sendmail.cf.addtions seems to leak.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    peter
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 14 03:20:02 PST 1998
>Closed-Date:    Mon Dec 27 18:42:53 PST 1999
>Last-Modified:  Mon Dec 27 18:43:34 PST 1999
>Originator:     Hiroharu Tamaru
>Release:        FreeBSD 2.2.6-BETA i386
>Organization:
Dept. Appl. Phys, University of Tokyo.
>Environment:
	System: FreeBSD gin.myn.t.u-tokyo.ac.jp 2.2.6-BETA FreeBSD 2.2.6-BETA #0: Sat Mar 14 01:27:36 JST 1998 tamaru@gin.myn.t.u-tokyo.ac.jp:/workspace/usr.src/sys/compile/GIN i386
	CVSupped on Mar 12.

>Description:

 /etc/mail/sendmail.cf.addtions may not be correct.

 `Connecting Host must resolve' function and 
 `ip address must NOT be in Paul Vixie's RBL' function
 in rule `check_mail' and
 `mail must come from or go to this machine or machines we allow to relay'
 in rule `check_recpt' doesn't seem to work.

 I say 'seem' because I haven't checked it in real practice whether it 
 really does forward junk mails.
 I just checked it with the -bt option of sendmail.
 
>How-To-Repeat:

 Say, for the first one:

 After replacing one rule in rule `check_mail'(line 76) like the following,
 so that some client name is passed while testing with sendmail -bt
 -R$*			$: $1 $: $(dequote "" $&{client_name} $)
 +$*			$: $1 $: $(dequote "" "host.junk.com" $)

 % sendmail -bt
 > check_mail user@freebsd.org
 rewrite: ruleset 196   input: user @ freebsd . org
 rewrite: ruleset   3   input: user @ freebsd . org
 rewrite: ruleset  96   input: user < @ freebsd . org >
 rewrite: ruleset  96 returns: user < @ freebsd . org . >
 rewrite: ruleset   3 returns: user < @ freebsd . org . >
 rewrite: ruleset   3   input: foo @ OK $: host . junk . com
 rewrite: ruleset  96   input: foo < @ OK $: host . junk . com >
 rewrite: ruleset  96 returns: foo < @ host . junk . com >
 rewrite: ruleset   3 returns: foo < @ host . junk . com >
 rewrite: ruleset 199   input: foo < @ host . junk . com > $:
 rewrite: ruleset 199 returns: foo < @ host . junk . com > $:
 rewrite: ruleset 196 returns: OK

 Since host.junk.com is not a valid host, this should not pass through.
 
>Fix:
	
 I don't know much about sendmail.cf but the following seems
 to make things better.

--- sendmail.cf.additions-      Sat Mar 14 00:29:26 1998
+++ sendmail.cf.additions       Sat Mar 14 19:25:01 1998
@@ -68,19 +68,21 @@
 # mail must NOT come from a known source of spam--BEGIN
 R$+ @$+                        $: <$1@$2> $2
 R<$*> $+.$+.$+         <$1> $3.$4
-R<$*> $*               $: $(spamsites $2 $: OK $)
+R<$*> $*               $: $(spamsites $2 $: <$1> $2 $)
 R$+.REJECT             $#error $: 521 $1 
 R<$*> $*               $: $1
 # mail must NOT come from a known source of spam--END
 # Connecting Host must resolve--BEGIN
-R$*                    $: $1 $: $(dequote "" $&{client_name} $)
-R$*                    $: $>3 foo@$1
+R$*                    $: <$1> $(dequote "" $&{client_name} $)
+R<$*> $*               $: <$1> $>3 foo@$2
+R<$*> $* < @ $+ . >    $: $1
 R<$*> $*<@$*>          $#error $: "451 Domain does not resolve"
 # Connecting Host must resolve--END
 # ip address must NOT be in Paul Vixie's RBL--BEGIN
-R$*                    $: $1 $: $(dequote "" $&{client_addr} $)
-R$*                    $: $>check_rbl $1
+R$*                    $: <$1> $(dequote "" $&{client_addr} $)
+R<$*> $*               $: <$1> $>check_rbl $2
 R$*.com.               $#error $: "550 Mail refused, see http://maps.vix.com/rbl"
+R<$*> $*               $1
 # ip address must NOT be in Paul Vixie's RBL--END
 R$*                    $@ OK
 
@@ -100,7 +102,7 @@
 R<$*> $*               $: $1
 # mail must NOT be addressed "fakenames"--END
 # mail must come from or go to this machine or machines we allow to relay--BEGIN
-# R$*                  $: $>Parse0 $>3 $1
+# R$*                  $: $>3 $1
 # R$+ < @ $* . > $*    $: $1 < @ $2 >
 # R$+ < @ $=w>         $@ OK
 # R$+ < @ $* $=R>      $@ OK
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->	peter 
Responsible-Changed-By: phk 
Responsible-Changed-When: Sun Apr 26 23:59:52 PDT 1998 
Responsible-Changed-Why:  
->peter 
State-Changed-From-To: open->closed 
State-Changed-By: peter 
State-Changed-When: Mon Dec 27 18:42:53 PST 1999 
State-Changed-Why:  
sendmail.cf.addidions is gone and replaced by the internal sendmail anti-spam provisions. 
>Unformatted:
