Score:1

After adding a new DNSBL to Sendmail, how can I resubmit an email to see if it will be rejected?

TL;DR

How can I fool my own sendmail into thinking an email comes from a particular ip address, so that it rejects the message due to a DNSBL match?

Details:

I run my own mail server, and most spam is blocked by the DNS black lists (DNSBL) that I've added to /etc/mail/sendmail.mc like so:

dnl FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
dnl FEATURE(`dnsbl',`b.barracudacentral.org',`"554 Rejected " $&{client_addr} " found in b.barracudacentral.org"')dnl

Today some spam came in (passing all tests), and after checking MX Toolbox and DNSBL Information I could see that adding one of several DNSBLs would have blocked this particular spam.

So, I added another DNSBL, and now I want to test it by resubmitting this email to Sendmail, but therein lies the problem: it won't be coming from the right ip address, and the DNSBL won't see it as bad.

Here's the command I normally would have used:

formail -s /usr/sbin/sendmail -oi -t < testmail.mbox

Before I try to reinvent a wheel, I thought I'd ask here first. Possible ideas:

  • Is there a CLI option to sendmail for faking the source ip?
  • Maybe craft a queued message file and put it in the queue directly?
  • Perhaps set up another ip address on my machine, and send to myself with it?
  • Would an OpenVPN or SSH tunnel be a quick fix?
  • Possibly a shared library could be loaded to intercept system calls, à la LibFakeTime?
  • Dtrace looks powerful, can it alter getsockopt(2) calls like this?

Thanks!

SMTP uses TCP connections, which can't have faked IPs (short of "owning" the IP). The blocklist, as you said, runs on receive, so it is not easy to retest. You could add that IP to your own network to test, but that needs correct routing. Generally it is more work than it is worth; try to find some other test service, or just wait for spam to hit again.
It turns out "owning" the IP was the solution, and as long as the IP was added on the same host as sendmail, routing is automatic. That being said, I'm not sure if I'd want to try it with Docker or some other virtual machine, as routing gets really hairy there.
Score:1

After sleeping on it, the solution ended up being trivial:

ssh my-mail-server

# Add 1.2.3.4 as an alias (eth1:0) to interface eth1:
sudo ifconfig eth1:0 1.2.3.4 netmask 255.255.255.255

# Use 1.2.3.4 as the source ip, connect to port 25 on the local host:
nc -s 1.2.3.4 0.0.0.0 25

HELO 1.2.3.4
MAIL FROM: [email protected]
RCPT TO: [email protected]
DATA
Subject: is this really from 1.2.3.4?

Test from 1.2.3.4
.
QUIT
^C

# Deleting 1.2.3.4 from eth1:
sudo ifconfig eth1:0 0.0.0.0

Voilà, the resulting header:

Return-Path: <[email protected]>
Received: from 1.2.3.4 ([1.2.3.4] (may be forged))
    by earth.com (8.15.2/8.15.2) with SMTP id 1731SlYY013775
    for <[email protected]>; Mon, 2 Aug 2021 18:29:14 -0700
Authentication-Results:the-force.com; dkim=permerror (bad message/signature format)
Date: Mon, 2 Aug 2021 18:28:47 -0700
From: <[email protected]>
Message-Id: <[email protected]>
Subject: Test subject

It also revealed that the ip address was not being blocked (DNSBL not working?), so in that sense, the test was a success. :-/

Update: D'oh! The lines in sendmail.mc should be like this instead:

FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`b.barracudacentral.org',`"554 Rejected " $&{client_addr} " found in b.barracudacentral.org"')dnl

In other words, the 'dnl' on the front was commenting-out all of the DNSBL lines. :-(

Aaaaand this is why we test, ladies and gentlemen.
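
The failure in the update above (a leading dnl silently disabling every dnsbl FEATURE line) can be caught before sendmail.cf is rebuilt. The script below is an added example, not part of the original answer: the function names are hypothetical, the sample input is constructed from the two sendmail.mc lines quoted in the post, and dnsbl_qname builds the standard reversed-octet name that a DNSBL lookup uses for an IPv4 client.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print "active ZONE" or "disabled ZONE" for each dnsbl FEATURE line read
# from the named .mc file(s) or stdin. m4 dnl discards the rest of the
# line, so a FEATURE written after dnl never reaches sendmail.cf.
dnsbl_status() {
    awk '/FEATURE\(`dnsbl./ {
        zone = $0
        if (sub(/.*FEATURE\(`dnsbl., *`/, "", zone))
            sub(/[^A-Za-z0-9.-].*/, "", zone)   # cut at end of hostname
        else
            zone = "(no zone argument)"
        state = ($0 ~ /^[ \t]*FEATURE\(/) ? "active" : "disabled"
        print state, zone
    }' "$@"
}

# Succeed only if no dnsbl line is disabled (usable as a pre-rebuild gate).
dnsbl_check() {
    ! dnsbl_status "$@" | grep -q '^disabled '
}

# Build the DNS name queried for an IPv4 client: octets reversed, then the
# zone. Fails (non-zero status, no output) if the address is not 4 octets.
dnsbl_qname() {
    echo "$1" | awk -F. -v zone="$2" '
        NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone; ok = 1 }
        END { exit !ok }'
}

# Constructed sample: one line as first posted (dnl in front), one corrected.
sample_mc() {
    cat <<'EOF'
dnl FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`b.barracudacentral.org',`"554 Rejected " $&{client_addr} " found in b.barracudacentral.org"')dnl
EOF
}

sample_mc | dnsbl_status
sample_mc | dnsbl_check || echo "warning: at least one dnsbl FEATURE is commented out"
dnsbl_qname 1.2.3.4 dnsbl.sorbs.net
```

Against a real configuration, pass the file path instead of the sample (for example, dnsbl_status /etc/mail/sendmail.mc); resolving the name printed by dnsbl_qname with a DNS lookup tool shows whether the zone actually lists the address.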
