Bug 1482808

Summary: sendmail is changing milter-greylist 451 return codes into 550, losing mail
Product: [Fedora] Fedora Reporter: Trevor Cordes <fedora>
Component: sendmailAssignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 26CC: jskarvad, olysonek, rzilka
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sendmail-8.15.2-19.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-31 14:53:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Trevor Cordes 2017-08-18 06:45:43 UTC 
Description of problem:
sendmail 8.15.2-16.fc26 is quietly changing milter-greylist's transient 451 return codes into hard-fail 550 return codes which it then gives to the remote MTA.  This causes a hard bounce and the email will never be retried, completely breaking greylisting/email.

It's really insidious because email doesn't just stop: there are still 2 cases where emails get through: the tuple is in gm's hard or auto-whitelist, or the end user resends the email after the gm timeout period.  So many emails will get through and mail admins may not know there is a problem until they start getting some phone calls about missing emails...

dnf downgrade sendmail
to 8.15.2-14.fc26 solves this bug as a workaround until a new rpm is released.

Version-Release number of selected component (if applicable):
sendmail 8.15.2-16.fc26
milter-greylist-4.6.2-3.fc26.x86_64

How reproducible:
always

Steps to Reproduce:
1. setup sendmail with milter-greylist
2. test it remotely (some host NOT whitelisted, so localhost is usually out):
3.
telnet problemsendmailhost.com 25
HELO problemsendmailhost.com
MAIL FROM:yourname
RCPT TO: <validuser>

Actual results:
550 <validuser>... 451 4.7.1 Greylisting in action, please come back later


Expected results:
451 4.7.1 Greylisting in action, please come back later
(which is what 8.15.2-14.fc26 gives)


Additional info:
This sounds exactly like the bug mentioned here in 2015
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807258
which it says was fixed upstream, but in 8.16?  Seems like someone maintaining 8.15 hosed this patch.
Comment 1 Jaroslav Škarvada 2017-08-18 10:39:50 UTC 
Thanks for info. We had older version of this patch in Fedora which introduced this problem
Comment 2 Fedora Update System 2017-08-18 12:50:15 UTC 
sendmail-8.15.2-19.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b2b8e47545
Comment 3 Fedora Update System 2017-08-22 18:05:53 UTC 
sendmail-8.15.2-19.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b2b8e47545
Comment 4 Fedora Update System 2017-08-31 14:53:32 UTC 
sendmail-8.15.2-19.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.