# sendmail from ports + blacklistd - stopped working (?)



## DutchDaemon (Jan 17, 2018)

Can someone confirm (or disprove) that the current version of Sendmail from ports (8.15.2_5), explicitly compiled with the blacklistd flag, has stopped feeding offending IPs (e.g. those failing do_auth) to blacklistd since Jan 3?

I ran `blacklistd -d` to check, but the poll() revealed nothing while do_auth failures were coming in.

The poll() _did_ pick up sshd and ftpd activity, but all quiet on the Sendmail front, since Jan 3.

I ran `strings` on the Sendmail binary, and the expected output was there:

```
libblacklist.so.0
blacklist_r
blacklist_open
```
So it appears something is not working quite right, or maybe it's a combination of compile options. Before I file a bug report, I just want to check for confirmation or lack thereof.

Using compile options:

```
OPTIONS_FILE_SET+=SHMEM
OPTIONS_FILE_SET+=SEM
OPTIONS_FILE_SET+=LA
OPTIONS_FILE_SET+=NIS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=TLS
OPTIONS_FILE_SET+=SASL
OPTIONS_FILE_SET+=SASLAUTHD
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_UNSET+=BDB
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_UNSET+=SOCKETMAP
OPTIONS_FILE_UNSET+=CYRUSLOOKUP
OPTIONS_FILE_SET+=BLACKLISTD
OPTIONS_FILE_UNSET+=SMTPUTF8
OPTIONS_FILE_SET+=PICKY_HELO_CHECK
OPTIONS_FILE_SET+=MILTER
OPTIONS_FILE_SET+=DOCS
```
Relevant part of blacklistd.conf:

```
[local]
smtp            stream  *       *               *       3       30d
smtps           stream  *       *               *       3       30d
submission      stream  *       *               *       3       30d
```
Output of `blacklistctl dump -nb` shows nothing after 2018/01/03 (on seven different installations).

Poudriere build info available at https://pastebin.com/wBCdXunK


----------



## Donald Baud (Apr 11, 2019)

I know this is an old thread but I had a similar issue.
I found that you need to signal sendmail with the flag:

```
-O UseBlackList
```

In other words I added to /etc/rc.conf:

```
sendmail_enable="YES"
sendmail_flags="-L sm-mta -bd -q30m -O UseBlacklist"
```

Also, keep in mind that only port: mail/sendmail is activated for blacklistd.  The base sendmail is not compiled with that feature.


----------



## ferz (Jul 27, 2019)

It's an old thread but I've the same trouble in July 2019, even if:

* I'm running sendmail from ports
* sendmail is compiled with option BLACKLISTD support (make config)
* I've inserted the suggested line to activate the option from sendmail_flags in /etc/rc.conf
* I've executed "blacklistd -d"

I don't see poll() from sendmail or smtp or sasl2authd or submission transfer agent.
FreeBSD 11.3 with the latest patches as of today.

I've compiled endlessh (ssh tarpit), adding the blacklistd support, and it seems to at least send messages:


```
received 0 from poll()
received 0 from poll()
received 0 from poll()
received 1 from poll()
processing type=3 fd=6 remote=::ffff:93.39.143.244:10313 msg=endlessh user uid=0 gid=0
listening socket: ::ffff:144.76.91.66:22
look:   target:::ffff:144.76.91.66:22, proto:6, family:28, uid:0, name:=, nfail:*, duration:*
check:  target:587, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
check:  target:25, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
check:  target:22, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
found:  target:22, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
conf_apply: merge:      target:22, proto:6, family:*, uid:*, name:*, nfail:3, duration:86400
conf_apply: to: target:::ffff:144.76.91.66:22, proto:6, family:28, uid:0, name:=, nfail:*, duration:*
conf_apply: result:     target:::ffff:144.76.91.66:22, proto:6, family:28, uid:*, name:*, nfail:3, duration:86400
Applied address ::ffff:93.39.143.244:22
Applied address ::ffff:93.39.143.244:22
process: initial db state for ::ffff:93.39.143.244:10313: count=0/3 last=1970/01/01 00:00:00 now=2019/07/27 16:15:03
run /usr/libexec/blacklistd-helper [control add blacklistd tcp ::ffff:93.39.143.244 128 22 ]
/usr/libexec/blacklistd-helper: Unsupported packet filter
add returns (null)
process: final db state for ::ffff:93.39.143.244:10313: count=3/3 last=2019/07/27 16:15:03 now=2019/07/27 16:15:03
```

So I'm sure that blacklistd is listening to something other than sshd.

But from /var/log/auth.log:


```
Jul 27 20:06:24 w1 saslauthd[891]:                 : auth failure: [user=gojo] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]
Jul 27 20:06:32 w1 saslauthd[896]:                 : auth failure: [user=support] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]
Jul 27 20:06:33 w1 saslauthd[892]:                 : auth failure: [user=gojo] [service=smtp] [realm=mydomain] [mech=pam] [reason=PAM auth error]
...
```

from /var/log/maillog:


```
Jul 27 20:03:50 w1 sm-mta[10948]: x6RK3WR9010948: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:04:00 w1 sm-mta[10951]: x6RK3pTZ010951: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:04:01 w1 sm-mta[10952]: x6RK3q9X010952: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:04:11 w1 sm-mta[10955]: x6RK417C010955: [185.211.245.170] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 27 20:06:14 w1 sm-mta[10990]: x6RK62Ba010990: rrcs-69-75-91-250.west.biz.rr.com [69.75.91.250]: possible SMTP attack: command=AUTH, count=10
```

and


```
# ldd /usr/local/sbin/sendmail
/usr/local/sbin/sendmail:
        libwrap.so.6 => /usr/lib/libwrap.so.6 (0x8008d9000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800ae2000)
        libblacklist.so.0 => /usr/lib/libblacklist.so.0 (0x800cff000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x800f02000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000)
        libutil.so.9 => /lib/libutil.so.9 (0x801676000)
        libc.so.7 => /lib/libc.so.7 (0x80188a000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x801c45000)
        libthr.so.3 => /lib/libthr.so.3 (0x801e46000)
```

How can we fix the sendmail port to support blacklistd again?


Thank you in advance, \ferz


----------



## ferz (Jul 30, 2019)

*sendmail+blacklistd is working when pf is enabled.*



ferz said:


> It's an old thread but I've the same trouble in July 2019, even if:
> 
> * I'm running sendmail from ports
> * sendmail is compiled with option BLACKLISTD support (make config)
> ...


----------



## SirDice (Jul 30, 2019)

Configuration error? 

```
run /usr/libexec/blacklistd-helper [control add blacklistd tcp ::ffff:93.39.143.244 128 22 ]
/usr/libexec/blacklistd-helper: Unsupported packet filter
add returns (null)
```


----------



## SirDice (Jul 30, 2019)

If you look at the actual code in /usr/libexec/blacklistd-helper (it's a shell script) you can see you get that error message if it cannot figure out which firewall you enabled.

You have PF enabled but does /etc/pf.conf exist?


```
if [ -z "$pf" ]; then
        for f in npf pf ipf; do
                if [ -f "/etc/$f.conf" ]; then
                        pf="$f"
                        break
                fi
        done
fi

if [ -z "$pf" ]; then
        echo "$0: Unsupported packet filter" 1>&2
        exit 1
fi
```


----------
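
A preflight for the three conditions this thread turns up (a sendmail binary linked against libblacklist, `-O UseBlacklist` in `sendmail_flags`, and a packet filter config file that blacklistd-helper can find), as an added example that is not part of any post above or of FreeBSD's own scripts. The function names and the `--check` argument are made up for this example; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: preflight for the sendmail -> blacklistd -> packet filter chain.

# 1. The binary must link libblacklist. Reads `ldd` output on stdin.
linked_with_libblacklist() { grep -q 'libblacklist\.so'; }
check_binary() { ldd "$1" 2>/dev/null | linked_with_libblacklist; }

# 2. The last sendmail_flags= line in rc.conf (the one that wins when the file
#    is sourced) must carry -O UseBlacklist. Matched case-insensitively because
#    the thread spells the option both ways.
rc_enables_blacklist() {   # $1 = path to rc.conf
    grep -E '^[[:space:]]*sendmail_flags=' "$1" 2>/dev/null | tail -n 1 |
        grep -qiE -- '-O[[:space:]]*UseBlacklist'
}

# 3. Same probe order as the fallback loop in the blacklistd-helper excerpt.
#    Prints the filter name, or returns 1 (the "Unsupported packet filter" case).
detect_packet_filter() {   # $1 = config directory, normally /etc
    for f in npf pf ipf; do
        if [ -f "$1/$f.conf" ]; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

# Run one check, print ok/FAIL with its description, remember any failure in rc.
report() {   # $1 = description, remaining arguments = check command
    desc=$1; shift
    if out=$("$@"); then echo "ok:   $desc${out:+ ($out)}"; else echo "FAIL: $desc"; rc=1; fi
}

preflight() {   # $1 = sendmail binary, $2 = rc.conf, $3 = config directory
    rc=0
    report "$1 links libblacklist" check_binary "$1"
    report "last sendmail_flags in $2 has -O UseBlacklist" rc_enables_blacklist "$2"
    report "npf/pf/ipf .conf found in $3 for blacklistd-helper" detect_packet_filter "$3"
    return "$rc"
}

# Check the paths seen in the thread only when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    preflight /usr/local/sbin/sendmail /etc/rc.conf /etc
fi
```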

