Subj : sap/smtp interaction - wcsmtp build 451.7
To   : All
From : DAVE GOURD
Date : Thu Jan 31 2019 19:18:36

Date: Sat, 29 Apr 2006 10:52:06 -0400
From: DAVE GOURD
To: all
Subject: sap/smtp interaction - wcsmtp build 451.7
Newsgroups: win.server.smtp.&.avs
Message-ID: <1146322326.46.0@winserver.com>
X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
Lines: 211

When wcsap rejects a msg, does smtp/WINS close the connection with the client, or can/is the cip/cdn/hdn allowed to continue to send data to smtp in the same connection/transaction session? Should that session end at the time it is rejected?

The message was rejected for [I think] spoofing our domain (CIP/CDN mismatch - spoofed our domain) although the sap log result showed reject (0) but not reason 'HELO/EHLO mismatch' as set in the filter file, smtp code was 554.

I had what essentially is 'logfile spam' in my smtptrace log, wherein a given message/session had been rejected by wcsap, but the sender/caller started sending data anyway (the message w/headers). wcsmtp indicated "503 Need MAIL command." then caller evidently started sending the data stream anyway. wcsmtp sent back echoes of the data '500 (data here) : command not understood' followed by the caller sending the next line of data/line of the message. This continued until the caller 'quit' the session, then WINS closed the connection '211 closing connection, **Completed.

Is this normal? Never seen the log files get 'spammed' in 10 years running WC, figured I should ask. Am I missing something in the SAP ini or filter files?

Caller IP is now firewalled, is listed with CBL (http://cbl.abuseat.org/), and reported to abuse at rr.com

wcsmtp here is latest AUP (451.7).

**wcsap log snippet (local user munged)**

20060428 18:28:11 00000446 -------------------------------------
20060428 18:28:11 00000446 version : 2.06 / 1.62
20060428 18:28:11 00000446 calltype : SMTP
20060428 18:28:11 00000446 state : rcpt
20060428 18:28:11 00000446 cip : 71.75.124.244
20060428 18:28:11 00000446 cdn : foxriver.net
20060428 18:28:11 00000446 from : conrad0xsierra@rr.com
20060428 18:28:11 00000446 hdn : cpe-071-075-124-244.carolina.res.rr.com
20060428 18:28:11 00000446 rcpt : john.doe@foxriver.net
20060428 18:28:11 00000446 ruid : 60
20060428 18:28:12 00000446 sapfilter : reject (time:687)
20060428 18:28:12 00000446 result : reject (0)
20060428 18:28:12 00000446 smtp code : 554
20060428 18:28:12 00000446 wcsap finish (797 msecs)

**wcsmtp log snippet**

20060428 18:28:11 (0A88) HELO: Incoming connection: foxriver.net [71.75.124.244]
20060428 18:28:11 (0A88) Note: DNS says IP 71.75.124.244 belongs to host: cpe-071-075-124-244.carolina.res.rr.com
20060428 18:28:11 (0A88) MAIL FROM: ... Sender validation pending. Continue.
20060428 18:28:12 (0A88) RCPT: Return Path not verifiable: (Rejected by WCSAP Filter)!

**wcsmtptrace snippet (local user munged)**

**************************************************************************
Wildcat! SMTP Server v6.1.451.7
SMTP log started at Fri, 28 Apr 2006 18:28:11
Connection Time: 20060428 18:28:11 cid: 00000446
SSL Enabled: NO
Client IP: 71.75.124.244 (cpe-071-075-124-244.carolina.res.rr.com)
18:28:11 S: 220-foxriver.net Wildcat! ESMTP Server v6.1.451.7 ready
18:28:11 S: 220-************** WARNING: FOR AUTHORIZED USE ONLY! **********************
18:28:11 S: 220-* THIS SYSTEM DO NOT AUTHORIZE THE USE OF ITS PROPRIETARY COMPUTERS *
18:28:11 S: 220-* AND COMPUTER NETWORKS TO ACCEPT, TRANSMIT, OR DISTRIBUTE UNSOLICITED *
18:28:11 S: 220-* BULK E-MAIL SENT FROM THE INTERNET. THIS SYSTEM WILL RESTRICT ACCESS *
18:28:11 S: 220-* TO CAN-SPAM (US S. 877) COMPLIANT CLIENTS ONLY. *
18:28:11 S: 220 ************************************************************************
18:28:11 C: HELO foxriver.net
18:28:11 S: 250 foxriver.net, Hello cpe-071-075-124-244.carolina.res.rr.com, why do you call yourself foxriver.net?
18:28:11 C: MAIL FROM:
18:28:11 S: 250 ... Sender validation pending. Continue.
18:28:11 C: RCPT TO:
18:28:12 ** WCX Process: wcsap ret: 554 (Rejected by WCSAP Filter)
18:28:12 S: 550 Return Path not verifiable.
18:28:12 C: DATA
18:28:12 S: 503 Need MAIL command.
18:28:12 C: Received: (qmail 18448 invoked by uid 53853);
18:28:12 S: 500 'Received: (qmail 18448 invoked by uid 53853);': command not understood.
18:28:12 C: Message-Id: <0764736_26563_38280.fodvnbkr@rr.com>
18:28:12 S: 500 'Message-Id: <0764736_26563_38280.fodvnbkr@rr.com>': command not understood.
18:28:12 C: Date: Fri, 29 Jul 2005 22:23:34 -0100
18:28:12 S: 500 'Date: Fri, 29 Jul 2005 22:23:34 -0100': command not understood.
18:28:12 C: Content-Type: text/plain;
18:28:12 S: 500 'Content-Type: text/plain;': command not understood.
18:28:12 C: charset="us-ascii"
18:28:12 S: 500 ' charset="us-ascii"': command not understood.
18:28:12 C: Content-Transfer-Encoding: 7bit
18:28:12 S: 500 'Content-Transfer-Encoding: 7bit': command not understood.
18:28:12 C: To: john.doe@foxriver.net
18:28:12 S: 500 'To: john.doe@foxriver.net': command not understood.
18:28:12 C: From: "Conrad Sierra"
18:28:12 S: 500 'From: "Conrad Sierra" ': command not understood.
18:28:12 C: Subject: Reduce your monthly payments
18:28:12 S: 500 'Subject: Reduce your monthly payments': command not understood.
18:28:12 C:
18:28:12 C: Hello,
18:28:12 S: 500 'Hello,': command not understood.
18:28:12 C:
18:28:12 C: You have been chosen to participate in an invitation only limited time event!
18:28:12 S: 500 'You have been chosen to participate in an invitation only limited time event!': command not understood.
18:28:12 C: Are you currently paying over three percent for your mortgage? stop right now!
18:28:12 S: 500 'Are you currently paying over three percent for your mortgage? stop right now!': command not understood.
18:28:12 C: We can help you lower that today!
18:28:12 S: 500 'We can help you lower that today!': command not understood.
18:28:12 C: Answer only a few questions and we can give you an approval in under thirty seconds.It really is that simple!
18:28:12 S: 500 'Answer only a few questions and we can give you an approval in under thirty seconds.It really is that simple!': command not understood.
18:28:12 C:
18:28:12 C: http://oa.r66j-fr.com/
18:28:12 S: 500 'http://oa.r66j-fr.com/': command not understood.
18:28:12 C:
18:28:12 C: And stop fighting for lenders let them fight for you! Make them work for your business by giving you the lowest rates around! You deserve it.
18:28:12 S: 500 'And stop fighting for lenders let them fight for you! Make them work for your business by giving you the lowest rates around! You deserve it.': command not understood.
18:28:12 C:
18:28:12 C: Think your credit is too bad to get a deal like this? Think Again! We will have you saving your money in no time flat!
18:28:12 S: 500 'Think your credit is too bad to get a deal like this? Think Again! We will have you saving your money in no time flat!': command not understood.
18:28:12 C:
18:28:12 C: Are you ready to save your money?
18:28:12 S: 500 'Are you ready to save your money?': command not understood.
18:28:12 C:
18:28:12 C: http://ymv.r66j-fr.com/
18:28:12 S: 500 'http://ymv.r66j-fr.com/': command not understood.
18:28:12 C:
18:28:12 C: Regards,
18:28:12 S: 500 'Regards,': command not understood.
18:28:12 C: Conrad Sierra
18:28:12 S: 500 'Conrad Sierra': command not understood.
18:28:12 C:
18:28:12 C:
18:28:12 C:
18:28:12 C: The woman had cut off his foot with an axe and his thumb with an electric knife, and here she was with a pile of caviar big enough to choke a warthog."Misery tried to scream, but could no longer even breathe.
18:28:12 S: 500 'The woman had cut off his foot with an axe and his thumb with an electric knife, and here she was with a pile of caviar big enough to choke a warthog."Misery tried to scream, but could no longer even breathe.': command not understood.
18:28:12 C: The champagne bottle hadnt been in the scenario, but that was minor compared with the womans hideous vitality and his current painful uncertainty.I have spared him, so you may shew him the way he must go.The open garbage can overflowed onto the floor and emitted the warm reek of spoiling food, but that wasnt the only thing wrong, or the worst smell..pictorial
18:28:12 S: 500 'The champagne bottle hadnt been in the scenario, but that was minor compared with the womans hideous vitality and his current painful uncertainty.I have spared him, so you may shew him the way he must go.The open garbage can overflowed onto the floor and emitted the warm reek of spoiling food, but that wasnt the only thing wrong, or the worst smell..pictorial': command not understood.
18:28:12 C: He thought her illness might have been short indeed   a thunderclap coronary, say, followed by a trip to Saint Joes, followed by."s.It was only after midnight, an hour after Geoffrey had ridden into the gathering storm to try and fetch the doctor, that the midwife had grown alarmed.She approached the mattress, turned around, and squatted..
18:28:12 S: 500 'He thought her illness might have been short indeed   a thunderclap coronary, say, followed by a trip to Saint Joes, followed by."s.It was only after midnight, an hour after Geoffrey had ridden into the gathering storm to try and fetch the doctor, that the midwife had grown alarmed.She approached the mattress, turned around, and squatted..': command not understood.
18:28:12 C: There were perhaps seventy acres of open ground between the house and the edge of the forest   the snow-cover over it was a perfect and blazing white.This was not the soothing sand of sleep but poisoned sand.
18:28:12 S: 500 'There were perhaps seventy acres of open ground between the house and the edge of the forest   the snow-cover over it was a perfect and blazing white.This was not the soothing sand of sleep but poisoned sand.': command not understood.
18:28:12 C:
18:28:12 C: .
18:28:12 S: 500 '.': command not understood.
18:28:12 C: QUIT
18:28:12 S: 221 closing connection
18:28:13 ** Completed

--- Platinum Xpress/Win/WINServer v3.1
 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
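
Added example, not part of the original post and not Wildcat! code: a small detector that scans trace text for the pattern shown above, a client whose DATA is refused with 503 but which keeps sending message lines that each draw a 500. The one-record-per-line layout, the function name `find_blind_senders` and the `min_junk` threshold are assumptions.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "cid client_ip junk_lines")
TRACE_LINE = re.compile(r"^\d\d:\d\d:\d\d ([CS]): ?(.*)$")

# Constructed sample: cid 00000446 is abridged from the post; 00000447 is invented.
SAMPLE_TRACE = """\
Connection Time: 20060428 18:28:11 cid: 00000446
Client IP: 71.75.124.244 (cpe-071-075-124-244.carolina.res.rr.com)
18:28:11 C: RCPT TO:
18:28:12 S: 550 Return Path not verifiable.
18:28:12 C: DATA
18:28:12 S: 503 Need MAIL command.
18:28:12 C: Subject: Reduce your monthly payments
18:28:12 S: 500 'Subject: Reduce your monthly payments': command not understood.
18:28:12 C: Hello,
18:28:12 S: 500 'Hello,': command not understood.
18:28:12 C: .
18:28:12 S: 500 '.': command not understood.
Connection Time: 20060428 18:30:00 cid: 00000447
Client IP: 192.0.2.10 (mail.example.org)
18:30:01 C: RCPT TO:<john.doe@foxriver.net>
18:30:01 S: 550 Return Path not verifiable.
"""

def find_blind_senders(trace, min_junk=3):
    """Flag sessions where DATA drew a 503 yet body lines kept arriving."""
    findings, s = [], None
    def close():
        if s and s["refused"] and s["junk"] >= min_junk:
            findings.append(Finding(s["cid"], s["ip"], s["junk"]))
    for line in trace.splitlines():
        if line.startswith("Connection Time:"):
            close()  # finish the previous session before starting a new one
            s = {"cid": line.split("cid:")[-1].strip(), "ip": None,
                 "cmd": "", "refused": False, "junk": 0}
        elif s and line.startswith("Client IP:"):
            s["ip"] = line.split()[2]
        elif s and (m := TRACE_LINE.match(line)):
            side, text = m.groups()
            if side == "C":
                s["cmd"] = text.split(" ", 1)[0].upper()  # last client verb
            elif text.startswith("503") and s["cmd"] == "DATA":
                s["refused"] = True  # server refused DATA: no open transaction
            elif text.startswith("500") and s["refused"]:
                s["junk"] += 1  # a message line parsed as an unknown command
    close()
    return findings
```

Run over the sample, only cid 00000446 is reported; the constructed second client stops after its 550 and is not flagged.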