Any mimedefang sharp shooters here?

Any mimedefang sharp shooters here?

[reader]

I want to get copies of all my personal outgoing mail as it leaves my
local sendmail process.  Its a single user machine so that would be
any mail leaving.  I do have some dummy accounts for testing mail and
such.  

I want to see *EXACTLY* what is actually being sent to my ISP
smarthost.  Certain mail I send clears my mta and appears to clear my
ISP smarthost as judged by verbose smtp output of mailx -v.

And I don't get a bounce.  The mail just never appears at the other
end.

Looks like I should be able to do this by installing mimedefang.  It
wants to do lots more than I need so I thought maybe I could sort of
short circuit the various perl sub funcs that get used and either make
them be ignored or return immediately allowing the script to run up to
the `filter_end' function where hopefully I could add some simple code
to have a duplicate deposited somewhere on my machine.

My perl is way too shakey to do this without wreaking major havoc.

Re: Any mimedefang sharp shooters here?

[Adam Sjøgren]

On Fri, 23 Jun 2006 12:26:33 -0500, reader@newsguy.com wrote:

> I want to see *EXACTLY* what is actually being sent to my ISP
> smarthost.

 $ sudo ngrep -Wbyline port 25 and host your.isp.smarthost > logfile

?

(That will get you what your ISP smarthost is replying, but maybe that
isn't that bad?)


  Best regards,

-- 
 "Du danser godt, men ude af takt"                            Adam Sjøgren
                                                         asjo@koldfront.dk

Re: Any mimedefang sharp shooters here?

[Adam Sjøgren]

On Sat, 24 Jun 2006 01:37:06 +0200, Adam wrote:

> (That will get you what your ISP smarthost is replying
                                                        /\
                                                        too


 (it is late,)

    Adam

-- 
 "Du danser godt, men ude af takt"                            Adam Sjøgren
                                                         asjo@koldfront.dk

Re: Any mimedefang sharp shooters here?

[reader]

asjo@koldfront.dk (Adam Sjøgren) writes:

> On Sat, 24 Jun 2006 01:37:06 +0200, Adam wrote:
>
>> (That will get you what your ISP smarthost is replying
>                                                         /\
>                                                         too


Hehe... 
I might be misunderstanding your meaning so if so please explain a bit
more. 

I have that (what ISP mailhub is saying). but thanks...  Just the
verbose output of mailx -v shows the ISP smtp handshake and acceptance
of the mail.

The problem must be occuring somewhere futher along toward the final
destination.  I'm hoping if I can see the exact message with all
headers I'm putting on it I might be able to figure out why.

Re: Any mimedefang sharp shooters here?

[Adam Sjøgren]

>>  $ sudo ngrep -Wbyline port 25 and host your.isp.smarthost > logfile

On Fri, 23 Jun 2006 23:16:12 -0500, reader@newsguy.com wrote:

> I have that (what ISP mailhub is saying). but thanks...  Just the
> verbose output of mailx -v shows the ISP smtp handshake and acceptance
> of the mail.

ngrep is a grep for network connections.

The quoted command will display everything that is sent on port 25
(smtp) between your machine and your.isp.smarthost (in a readable
way).

> The problem must be occuring somewhere futher along toward the final
> destination.  I'm hoping if I can see the exact message with all
> headers I'm putting on it I might be able to figure out why.

You will see what is sent over the wire to your ISP with ngrep.

Here is an example:

 asjo@topper:~$ sudo ngrep -Wbyline port 25 and host mail.unixzone.dk           
 interface: eth0 (192.168.1.0/255.255.255.0)
 filter: (ip or ip6) and ( port 25 and host mail.unixzone.dk )
 ####
 T 195.49.138.3:25 -> 192.168.1.160:47384 [AP]
 220 mailserver ESMTP - Sat, 24 Jun 2006 13:27:44 +0200 (MEST).

 ##
 T 192.168.1.160:47384 -> 195.49.138.3:25 [AP]
 EHLO topper.koldfront.dk.

 ##
 T 195.49.138.3:25 -> 192.168.1.160:47384 [AP]
 250-diablo.unixzone.dk Hello root@localhost [127.0.0.1], pleased to meet you.
 250-ENHANCEDSTATUSCODES.
 250-PIPELINING.
 250-EXPN.
 250-VERB.
 250-8BITMIME.
 250-SIZE.
 250-DSN.
 250-ETRN.
 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN.
 250-DELIVERBY.
 250 HELP.

 #
 T 192.168.1.160:47384 -> 195.49.138.3:25 [AP]
 MAIL FROM:<asjo@koldfront.dk> SIZE=1021 BODY=8BITMIME.
 RCPT TO:<asjo@unixzone.dk>.
 DATA.

 ##
 T 195.49.138.3:25 -> 192.168.1.160:47384 [AP]
 250 2.1.0 <asjo@koldfront.dk>... Sender ok.
 250 2.1.5 <asjo@unixzone.dk>... Recipient ok.
 354 Enter mail, end with "." on a line by itself.

 #
 T 192.168.1.160:47384 -> 195.49.138.3:25 [AP]
 Received: by topper.koldfront.dk (Postfix, from userid 1000).
 .id CD8011E78A9CE; Sat, 24 Jun 2006 13:27:42 +0200 (CEST).
 X-Hashcash: 1:23:060624:asjo@unixzone.dk::O95WPH//lqK7gbrN:18Ofu.
 From: asjo@koldfront.dk (Adam =?iso-8859-1?Q?Sj=F8gren?=).
 To: asjo@unixzone.dk.
 Subject: Testing ngrep.
 Organization: koldfront - analysis & revolution, Copenhagen, Denmark.
 X-Face: )qY&CseJ?.:=8F#^~GcSA?F=9eu'{KAFfL1C3/A&:nE?PW\i65"ba0NS)97,Q(^@xk}n4Ou.
  rPuR#V8I(J_@~H($[ym:`K_+]*kjvW>xH5jbgLBVFGXY:(#4P>zVBklLbdL&XxL\M)%T}3S/IS9lMJ.
  ^St'=VZBR<gm`!Dj`dIpp?+$"$l_'JKDN\w-jB;fo0Qy}Tbw.
 Date: Sat, 24 Jun 2006 13:27:42 +0200.
 Message-ID: <87lkrm94k1.fsf@topper.koldfront.dk>.
 User-Agent: Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux).
 MIME-Version: 1.0.
 Content-Type: text/plain; charset=iso-8859-1.
 Content-Transfer-Encoding: 8bit.
 .
 This is a test..
 .
 -- .
  "Even if you don't have all the things you want, be          Adam Sj.gren.
   grateful for the things you don't have that you        asjo@koldfront.dk.
   don't want.".
 ..
 QUIT.

 ##
 T 195.49.138.3:25 -> 192.168.1.160:47384 [AP]
 250 2.0.0 k5OBRist021664 Message accepted for delivery.
 221 2.0.0 diablo.unixzone.dk closing connection.

 ####


  Best regards,

    Adam

-- 
 "There's such a glut of celebrities that they'll soon        Adam Sjøgren
  have to begin storing the surplus in silos in Iowa."   asjo@koldfront.dk

Re: Any mimedefang sharp shooters here?

[reader]

asjo@koldfront.dk (Adam Sjøgren) writes:

> The quoted command will display everything that is sent on port 25
> (smtp) between your machine and your.isp.smarthost (in a readable
> way).

I see and I noticed I didn't have it installed so did that and haven't
as yet tried it.

Looks very handy for this sort of stuff... thanks.

Re: Any mimedefang sharp shooters here?

[reader]

asjo@koldfront.dk (Adam Sjøgren) writes:

> The quoted command will display everything that is sent on port 25
> (smtp) between your machine and your.isp.smarthost (in a readable
> way).

I'm getting the data but not sure I see anything that should cause a
problem further along.

The RHS of From address is not a real IP (reader.local.lan) but that
hasn't stopped most mail from working.

Do you see something here that looks like a problem?

=========================================================
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (ip) and ( port 25 and host smtp.sbcglobal.yahoo.com )
####
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
220 smtp102.sbc.mail.mud.yahoo.com ESMTP.

##
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
EHLO reader.local.lan.

#
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
250-smtp102.sbc.mail.mud.yahoo.com.
250-AUTH LOGIN PLAIN XYMCOOKIE.
250-PIPELINING.
250 8BITMIME.

#
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
AUTH LOGIN.

#
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
334 VXNlcm5hbWU6.

#
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
aHByZWFkZXJAc2JjZ2xvYmFsLm5ldA==.

#
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
334 UGFzc3dvcmQ6.

#
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
amlueDIxNw==.

##
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
235 ok, go ahead (#2.0.0).

#
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
MAIL From:<reader@reader.local.lan> AUTH=<>.

#
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
250 ok.

#
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
RCPT To:<bobbie@lydia-productions.com>.
DATA.

#
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
250 ok.
354 go ahead.

#
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
Received: from reader.local.lan (reader.local.lan [127.0.0.1]).
.by reader.local.lan (8.13.6/8.13.4) with ESMTP id k5OCfa17024677.
.for <bobbie@lydia-productions.com>; Sat, 24 Jun 2006 07:41:36 -0500.
Received: (from reader@localhost).
.by reader.local.lan (8.13.6/8.13.6/Submit) id k5OCfZXw024676.
.for bobbie@lydia-productions.com; Sat, 24 Jun 2006 07:41:35 -0500.
Date: Sat, 24 Jun 2006 07:41:35 -0500.
From: reader@reader.local.lan.
Message-Id: <200606241241.k5OCfZXw024676@reader.local.lan>.
To: bobbie@lydia-productions.com.
Subject: test  reader_0624074135.
.
some message.

##
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
..

##
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
250 ok 1151152927 qp 72015.

##
T 192.168.0.4:60992 -> 68.142.198.11:25 [AP]
QUIT.

#
T 68.142.198.11:25 -> 192.168.0.4:60992 [AP]
221 smtp102.sbc.mail.mud.yahoo.com.

Re: Any mimedefang sharp shooters here?

[Adam Sjøgren]

On Sat, 24 Jun 2006 07:49:27 -0500, reader@newsguy.com wrote:

> The RHS of From address is not a real IP (reader.local.lan) but that
> hasn't stopped most mail from working.

> Do you see something here that looks like a problem?

No. Ask the receiving mail-admin to look in her logs. Perhaps your
email gets caught in a spam-filter of some sort.

(This is quite off-topic for Gnus - you're not even sending the email
in question from Gnus - so perhaps you should take your quest
elsewhere?)


  Best regards,

-- 
 "There's such a glut of celebrities that they'll soon        Adam Sjøgren
  have to begin storing the surplus in silos in Iowa."   asjo@koldfront.dk

Re: Any mimedefang sharp shooters here?

[reader]

asjo@koldfront.dk (Adam Sjøgren) writes:

> (This is quite off-topic for Gnus - you're not even sending the email
> in question from Gnus - so perhaps you should take your quest
> elsewhere?)
>

Perhaps... thanks for your time.
I had intended to put an OT in subject line but forgot it.

I came here because of long experience that this list has some very
expert participants about mail issues.  That mail was sent from the
cmd line as a test.  I've been a long user of gnus since quassia 16 or
so.