[Exim] Memory fault in Exim when empty message supplied by S…

Author: Ollie Cook
Date:
To: exim-users
Subject: [Exim] Memory fault in Exim when empty message supplied by SMTP
Hi,

A customer of ours has brought to my attention an error they received from Exim
when they were simulating an SMTP session. On investigating the error (empty
message body gives 451 after DATA), it seems to be more sinister.

The symptoms are:

    220 ClaraNET Mail Service ESMTP (HOST.uk.clara.net)
    EHLO mutare.noc.clara.net
    250-HOST.uk.clara.net Hello mutare.noc.clara.net [195.8.70.94]
    250-SIZE
    250-ETRN
    250-PIPELINING
    250 HELP
    MAIL FROM:<an@???>
    250 <an@???> is syntactically correct
    RCPT TO:<another@???>
    250 <another@???> verified
    354 Enter message, ending with "." on a line by itself
    DATA
    .
    451 Error while writing spool file


On the server side (running at maximum debugging level) this was the output.
I have started the copy/paste from where things start to look dubious and I
have obfuscated some details:

    >>Original headers (size=-1):


    xim/spool/etrn/${domain}
     user=claranet
     bsmtp=domain
     check_string = "."
     escape_string = ".."
     prefix = ""
     suffix = ""
     mode = 0644


    # Remove Delivery For Scanning
    # ----------------------------
    #
    # Messages are sent to the virus scanning servers
    # by this transport


    send_to_virus_host_smtp:
      driver = smtp
      hosts  = antivirus.uk.clara.net


    end


    # handles the alias file
    System_aliases:
      driver = aliasfile
      file_transport = address_file
      pipe_transport = address_pipe


    **** debug string overflowed buffer ****
    search_tidyup called
    >>Final headers:
    P Received: from mutare.noc.clara.net ([195.8.70.94])
            by HOST.uk.clara.net with esmtp (Exim 3.22 #2)
            id 178Nmq-0008r9-00
            for another@???; Thu, 16 May 2002 17:07:29 +0100
    I Message-Id: <E178Nmq-0008r9-00@???>
    F From: an@???
    B Bcc:
      Date: Thu, 16 May 2002 17:07:29 +0100


    xim/spool/etrn/${domain}
     user=claranet
     bsmtp=domain
     check_string = "."
     escape_string = ".."
     prefix = ""
     suffix = ""
     mode = 0644


    # Remove Delivery For Scanning
    # ----------------------------
    #
    # Messages are sent to the virus scanning servers
    # by€#
         ILOG: 0 MAIN
      Message abandoned: Spool write error (Bad address) while receiving message from mutare.noc.clara.net [195.8.70.94]
    SMTP>> 451 Error while writing spool file


I tracked down the error message to this section of code in accept.c:

    if (fflush(data_file) == EOF || ferror(data_file) ||
        fsync(fileno(data_file)) < 0 || (accept_ferror)(fin))
      {
      char *msg_errno = strerror(errno);
      BOOL input_error = (accept_ferror)(fin) != 0;
      char *msg = string_sprintf("%s error (%s) while receiving message from %s",
        input_error? "Input read" : "Spool write",
        msg_errno,
        (sender_fullhost != NULL)? sender_fullhost : sender_ident);


"Bad address" is EFAULT, which one of fflush, fsync, ferror is returning. My
bet is on write() which can return EFAULT when called by fflush.

I couldn't determine why data_file might end up with a value that would cause
fflush() to break, though, so any comments would be appreciated.

Also of interest is that Exim printed out part of the contents of the config
file and overflowed the debug buffer ("**** debug string overflowed buffer
****"), which I isolated to this code, also in accept.c:

    DEBUG(9)
      {
      debug_printf(">>Original headers (size=%d):\n", message_size-1);
      for (h = header_list->next; h != NULL; h = h->next)
        debug_printf("%s", h->text);
      debug_printf("\n");
      if (next != NULL) debug_printf("%s", next->text);
      }


So I guess that here also 'h' was not pointing to what it was supposed to point
to, when the message is empty.

The version of Exim on this server is 3.22 and I found the following entry in
the ChangeLog which may be related, but I would appreciate a confirmation of
this before I upgrade this server, if that might be possible:

    3.30/25:

    If a write error occurred when updating the -H file, an incorrect error
    message could be output (errno not preserved). This has been fixed, and more
    detail is now included in the message.

(although at the point of this error I think Exim is writing the -D file)


The bug does not occur 100% of the time. I tried about 10 times and got this
behaviour on perhaps 8 occasions.

Any ideas as to what is causing this behaviour would be appreciated. If there
is any further data I can provide to assist, do let me know.

Ollie

--
Oliver Cook    Systems Administrator, ClaraNET
ollie@???               020 7903 3065
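The diagnostic problem discussed above (errno read only after several further library calls have run, which the 3.30/25 ChangeLog entry describes as "errno not preserved") can be illustrated with the pattern below. This is an added C example written for this page, not Exim's accept.c: spool_finish, format_spool_error, demo_closed_fd and demo_regular_file are hypothetical names, and the failing case is constructed by closing a descriptor underneath a stdio stream so that the write performed by fflush() fails with EBADF. The point it shows is that capturing errno and the name of the failing step immediately after each call makes a message such as "Bad address" attributable to one specific call instead of to any of fflush, ferror or fsync.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of finishing a spool file (hypothetical type, not Exim's).
 * The step name and errno are recorded right after the call that failed,
 * before any later call can overwrite errno. */
typedef struct {
    int ok;            /* 1 if every step succeeded */
    const char *step;  /* "fflush", "ferror", "fsync" or "" on success */
    int saved_errno;   /* errno captured after the failing step, 0 if none applies */
} spool_result;

spool_result spool_finish(FILE *data_file)
{
    spool_result r = { 1, "", 0 };

    if (fflush(data_file) == EOF) {
        r.ok = 0;
        r.step = "fflush";
        r.saved_errno = errno;      /* captured before anything else can clobber it */
        return r;
    }
    /* ferror() only reports the stream's sticky error flag and does not set
     * errno itself, so no errno value is claimed for this step. */
    if (ferror(data_file)) {
        r.ok = 0;
        r.step = "ferror";
        r.saved_errno = 0;
        return r;
    }
    if (fsync(fileno(data_file)) < 0) {
        r.ok = 0;
        r.step = "fsync";
        r.saved_errno = errno;
        return r;
    }
    return r;
}

/* Build a log line in the shape of the message quoted in the post, but naming
 * the failing step so the errno text can be tied to exactly one call. */
int format_spool_error(const spool_result *r, const char *host, char *buf, size_t buflen)
{
    const char *reason = r->saved_errno ? strerror(r->saved_errno) : "no errno recorded";
    return snprintf(buf, buflen,
                    "Spool write error in %s (%s) while receiving message from %s",
                    r->step, reason, host);
}

/* Constructed failure: the pipe's write descriptor is closed underneath the
 * stdio stream, so the write() issued by fflush() fails with EBADF. */
spool_result demo_closed_fd(void)
{
    int fds[2];
    if (pipe(fds) < 0) { spool_result bad = { 0, "pipe", errno }; return bad; }
    FILE *f = fdopen(fds[1], "w");
    if (f == NULL) { spool_result bad = { 0, "fdopen", errno }; return bad; }
    close(fds[1]);                          /* stream still believes it owns this fd */
    fputs("Subject: constructed test\n\n", f); /* fully buffered, not yet written */
    spool_result r = spool_finish(f);
    fclose(f);                              /* fails again; the stream is freed regardless */
    close(fds[0]);
    return r;
}

/* Constructed success: a regular temporary file flushes and syncs normally. */
spool_result demo_regular_file(void)
{
    FILE *f = tmpfile();
    if (f == NULL) { spool_result bad = { 0, "tmpfile", errno }; return bad; }
    fputs("Subject: constructed test\n\nbody\n", f);
    spool_result r = spool_finish(f);
    fclose(f);
    return r;
}

int main(void)
{
    char buf[256];
    spool_result bad = demo_closed_fd();
    format_spool_error(&bad, "mutare.noc.clara.net", buf, sizeof buf);
    printf("%s\n", buf);
    spool_result good = demo_regular_file();
    printf("regular file: %s\n", good.ok ? "ok" : good.step);
    return 0;
}
```

Because the step name travels with the saved errno, a log line produced this way would say whether the "Bad address" came from the flush (and therefore from write(2) on the spool descriptor) or from fsync, which is the distinction the post is trying to make by inspection.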