sendmail from ports + blacklistd - stopped working (?)

DutchDaemon

Can someone confirm (or disprove) that the current version of Sendmail from ports (8.15.2_5), explicitly compiled with the blacklistd flag, has stopped feeding offending IPs (e.g. those failing do_auth) to blacklistd since Jan 3?

I ran blacklistd -d to check, but the poll() revealed nothing while do_auth failures were coming in.

The poll() did pick up sshd and ftpd activity, but all quiet on the Sendmail front, since Jan 3.

I ran strings on the Sendmail binary, and the expected output was there:
Code:
libblacklist.so.0
blacklist_r
blacklist_open

So it appears to be something not working quite right, or maybe a combination of compile options. Before I file a bug report, I just want to check for confirmation or lack thereof.

Using compile options:
Code:
OPTIONS_FILE_SET+=SHMEM
OPTIONS_FILE_SET+=SEM
OPTIONS_FILE_SET+=LA
OPTIONS_FILE_SET+=NIS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=TLS
OPTIONS_FILE_SET+=SASL
OPTIONS_FILE_SET+=SASLAUTHD
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_UNSET+=BDB
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_UNSET+=SOCKETMAP
OPTIONS_FILE_UNSET+=CYRUSLOOKUP
OPTIONS_FILE_SET+=BLACKLISTD
OPTIONS_FILE_UNSET+=SMTPUTF8
OPTIONS_FILE_SET+=PICKY_HELO_CHECK
OPTIONS_FILE_SET+=MILTER
OPTIONS_FILE_SET+=DOCS

Relevant part of blacklistd.conf:
Code:
[local]
smtp            stream  *       *               *       3       30d
smtps           stream  *       *               *       3       30d
submission      stream  *       *               *       3       30d

Output of blacklistctl dump -nb shows nothing after 2018/01/03 (on seven different installations).

Poudriere build info available at https://pastebin.com/wBCdXunK
 

Donald Baud

I know this is an old thread but I had a similar issue.
I found that you need to signal sendmail with the flag:
Code:
-O UseBlackList

In other words I added to /etc/rc.conf:
Code:
sendmail_enable="YES"
sendmail_flags="-L sm-mta -bd -q30m -O UseBlacklist"

Also, keep in mind that only the port mail/sendmail is activated for blacklistd. The base sendmail is not compiled with that feature.
 

ferz

It's an old thread, but I have the same trouble in July 2019, even though:

* I'm running sendmail from ports
* sendmail is compiled with the BLACKLISTD option (make config)
* I've inserted the suggested line to activate the option in sendmail_flags in /etc/rc.conf
* I've executed "blacklistd -d"

I don't see any poll() from sendmail, smtp, sasl2authd or the submission transfer agent.
FreeBSD 11.3 with the latest patches as of today.

I've compiled endlessh (ssh tarpit) with blacklistd support added, and it at least seems to send messages:

Code:
received 0 from poll()
received 0 from poll()
received 0 from poll()
received 1 from poll()
processing type=3 fd=6 remote=::ffff:93.39.143.244:10313 msg=endlessh user uid=0 gid=0
listening socket: ::ffff:144.76.91.66:22
look:   target:::ffff:144.76.91.66:22, proto:6, family:28, uid:0, name:=, nfail:*, duration:*
check:  target:587, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
check:  target:25, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
check:  target:22, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
found:  target:22, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
conf_apply: merge:      target:22, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
conf_apply: to: target:::ffff:144.76.91.66:22, proto:6, family:28, uid:0, name:=, nfail:*, duration:*
conf_apply: result:     target:::ffff:144.76.91.66:22, proto:6, family:28, uid:*, name:*, nfail:3, duration:86400
Applied address ::ffff:93.39.143.244:22
Applied address ::ffff:93.39.143.244:22
process: initial db state for ::ffff:93.39.143.244:10313: count=0/3 last=1970/01/01 00:00:00 now=2019/07/27 16:15:03
run /usr/libexec/blacklistd-helper [control add blacklistd tcp ::ffff:93.39.143.244 128 22 ]
/usr/libexec/blacklistd-helper: Unsupported packet filter
add returns (null)
process: final db state for ::ffff:93.39.143.244:10313: count=3/3 last=2019/07/27 16:15:03 now=2019/07/27 16:15:03

So I'm sure that blacklistd is listening to something other than sshd.

But from /var/log/auth.log:

Code:
Jul 27 20:06:24 w1 saslauthd[891]:                 : auth failure: [user=gojo] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]
Jul 27 20:06:32 w1 saslauthd[896]:                 : auth failure: [user=support] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]
Jul 27 20:06:33 w1 saslauthd[892]:                 : auth failure: [user=gojo] [service=smtp] [realm=mydomain] [mech=pam] [reason=PAM auth error]
...

from /var/log/maillog:

Code:
Jul 27 20:03:50 w1 sm-mta[10948]: x6RK3WR9010948: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:04:00 w1 sm-mta[10951]: x6RK3pTZ010951: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:04:01 w1 sm-mta[10952]: x6RK3q9X010952: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:04:11 w1 sm-mta[10955]: x6RK417C010955: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:06:14 w1 sm-mta[10990]: x6RK62Ba010990: rrcs-69-75-91-250.west.biz.rr.com [69.75.91.250]: possible SMTP attack: command=AUTH, count=10

and

Code:
# ldd /usr/local/sbin/sendmail
/usr/local/sbin/sendmail:
        libwrap.so.6 => /usr/lib/libwrap.so.6 (0x8008d9000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800ae2000)
        libblacklist.so.0 => /usr/lib/libblacklist.so.0 (0x800cff000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x800f02000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000)
        libutil.so.9 => /lib/libutil.so.9 (0x801676000)
        libc.so.7 => /lib/libc.so.7 (0x80188a000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x801c45000)
        libthr.so.3 => /lib/libthr.so.3 (0x801e46000)

How can we fix the sendmail port so that it supports blacklistd again?


Thank you in advance, \ferz
 

ferz

sendmail+blacklistd is working when pf is enabled.

 

SirDice

Configuration error?
Code:
run /usr/libexec/blacklistd-helper [control add blacklistd tcp ::ffff:93.39.143.244 128 22 ]
/usr/libexec/blacklistd-helper: Unsupported packet filter
add returns (null)
 

SirDice

If you look at the actual code in /usr/libexec/blacklistd-helper (it's a shell script) you can see you get that error message if it cannot figure out which firewall you enabled.

You have PF enabled but does /etc/pf.conf exist?

Code:
if [ -z "$pf" ]; then
        for f in npf pf ipf; do
                if [ -f "/etc/$f.conf" ]; then
                        pf="$f"
                        break
                fi
        done
fi

if [ -z "$pf" ]; then
        echo "$0: Unsupported packet filter" 1>&2
        exit 1
fi
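
The checks this thread converges on, collected as an added example that is not part of any post and not the project's own code: a firewall config file the helper can find, `-O UseBlacklist` in `sendmail_flags`, and `[local]` rules for the mail services. The function names are hypothetical, the filter lookup mirrors only the loop quoted above, and the column order assumed for blacklistd.conf is location, type, proto, owner, name, nfail, disable.

```shell
#!/bin/sh
# Added example (not from the thread): dry-runnable checks for the
# sendmail -> blacklistd -> blacklistd-helper chain.

# Same search order as the blacklistd-helper excerpt above: the first of
# npf.conf, pf.conf, ipf.conf found in the directory wins.
detect_filter() {
    for f in npf pf ipf; do
        if [ -f "$1/$f.conf" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# True if the last sendmail_flags= line in an rc.conf-style file carries
# "-O UseBlacklist" (matched case-insensitively; the thread shows both cases).
flags_enable_blacklist() {
    grep '^[[:space:]]*sendmail_flags=' "$1" | tail -n 1 |
        grep -Eqi -e '-O[[:space:]]*UseBlacklist'
}

# Print "nfail disable" for a location (service name or port) in the [local]
# section; columns: location type proto owner name nfail disable.
local_rule() {
    awk -v svc="$2" '
        $1 ~ /^#/ { next }
        $1 == "[local]" || $1 == "[remote]" { sect = $1; next }
        sect == "[local]" && $1 == svc { print $6, $7; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# usage: preflight ETC_DIR RC_CONF BLACKLISTD_CONF; returns the failure count
preflight() {
    fails=0
    if pf=$(detect_filter "$1"); then echo "ok: helper would pick '$pf'"
    else echo "FAIL: no npf/pf/ipf .conf in $1"; fails=$((fails + 1)); fi
    if flags_enable_blacklist "$2"; then echo "ok: UseBlacklist in sendmail_flags"
    else echo "FAIL: sendmail_flags lacks -O UseBlacklist"; fails=$((fails + 1)); fi
    for svc in smtp submission; do
        if r=$(local_rule "$3" "$svc"); then echo "ok: $svc rule (nfail disable): $r"
        else echo "FAIL: no [local] rule for $svc"; fails=$((fails + 1)); fi
    done
    return "$fails"
}
```

On a live host, source the file and call `preflight /etc /etc/rc.conf /etc/blacklistd.conf`; a non-zero return is the number of failed checks.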
 