ESMTP listener not rejecting not permitted host

courteous-yorkshire · December 19, 2023, 8:56pm

Despite configuring the SMTP listener to accept connections only from specific hosts, messages from unauthorized hosts are not being rejected.

Configuration:
init.lua

kumo.start_esmtp_listener({
listen = "0.0.0.0:25",
relay_hosts = { "127.0.0.1", "192.168.1.0/24", "<myredactedipv4>" },
})

listener_domains

["*"]
relay_to = false
log_oob = true
log_arf = true

Messages from an unauthorized host (91.92.251.215) were successfully received. This is evident from the message receipt log:

{"type":"Reception","id":"ebaaab5e9e7b11eeb206960002ccea16","sender":"test@test.com","recipient":"mmiihhww09@gmail.com","queue":"default@gmail.com","site":"","size":594,"response":{"code":250,"enhanced_code":null,"content":"","command":null},"peer_address":{"name":"WIN-CLJ1B0GQ6JP","addr":"91.92.251.215"},"timestamp":1702996556,"created":1702996556,"num_attempts":0,"bounce_classification":"Uncategorized","egress_pool":null,"egress_source":null,"feedback_report":null,"meta":{},"headers":{"Subject":"test smtp xx.xx.xx.xxx--"},"delivery_protocol":null,"reception_protocol":"ESMTP","nodeid":"dd2b41fd-78f0-4105-8cd9-01ac7114cada"}

Does the listener domains precede the relay_hosts or does it need an extra configuration to be rejected?

Additional Issue:
Every message receipt, regardless of its validity, has the bounce_classification field set to Uncategorized. This occurs even though the default IANA configuration is loaded in the init handler.

Mike · December 19, 2023, 9:00pm

Ok, so what you should see with your config is that any host can inject messages. Those messages will be evaluated for being an FBL or DSN, and will be dropped (logged if they match as DSN or FBL). Only authorized hosts should be able to relay out.

Mike · December 19, 2023, 9:01pm

So based on that config, no host should be rejected outright.

courteous-yorkshire · December 19, 2023, 9:16pm

Ah, I see it now! Thanks for clearing that up. Looks like I misunderstood the order a bit there . It makes sense now – the listener accepts the connection first and applies the relay host configuration after FBL/DSN evaluation. Appreciate your help in sorting this out!

Mike · December 19, 2023, 9:21pm

Happy to! I’ll try and add a note to the docs about it too.

courteous-yorkshire · December 19, 2023, 9:23pm

The doc has a good intro, actually:

“When listening via SMTP, it is common to simply define a list of relay_hosts permitted to connect and relay messages through the server. Any host that connects and does not match the list of relay hosts will be allowed to connect to the server, but will not be permitted to relay mail through the server.”

What confused me was the order of setting up the relay_host in the listener and then get_listener_domain, which translated in my mind in the order they would be applied.

courteous-yorkshire · December 19, 2023, 9:28pm

Also, is the bounce_classification field by convention set to Uncategorized for non-bounce messages?

Mike · December 19, 2023, 9:30pm

Oh I always assume the docs need improving. And yes, Uncategorized is the default.

wez · December 19, 2023, 9:34pm

Every response, regardless of the type of log record, is run through the classifier as part of logging. Responses that don’t match any classification are recorded as Uncategorized

courteous-yorkshire · December 19, 2023, 9:47pm

Thanks, this is clear to me now.