I am re-posting this as I did not see any response to the first one...
Perhaps I was not clear enough in my first posting which is below, but
the internal exiscan variables are not behaving properly when there are
multiple messages in a single SMTP transaction, thus a message with
malformed MIME parts will be delivered on any subsequent DATA commands
that are part of a single SMTP transaction. For example, I can have the
first 'MAIL/RCPT/DATA' fail with a MIME error, and then ANY
'MAIL/RCPT/DATA' after that first failure, will ACCEPT any malformed
message. So currently, they only way to avoid this, is to allow only
one MAIL command per SMTP session.
Anyone that can confirm this behavoir does/doesn't exist on their
systems would be greatly appreciated. :)
Here is the original message that I posted...
------
Here is the problem, on exim 4.43 with exiscan-acl-4.43-28.patch,
a malformed message (in my example below there are bad base64 chars),
passes the demime error checks the second time through on the same
connection.
To test, connect to your exim MTA with telnet, issue a standard SMTP
transaction, feed the example below as the data, exiscan will reject
the message (if you have the errors >=2 I believe), after the
message is rejected, issue another "mail from" command, i used the
exact same information for the mail from: and rcpt to: commands, and
feed the message through a second time, this time it will pass the
demime checks, or at least it does on my machines, yes machines, i have
tested this on multiple exim/exiscan installs that I run.
Just for calrity, here is a mock smtp transaction to exibit the problem:
EHLO localhost.localdomain
OK
MAIL FROM:<user-at-my-domain.com>
OK
RCPT TO:<user-at-my-domain.com>
OK
DATA
<--past the fake message below in-->
.
550 Rejected, bad mime parts
MAIL FROM:<user-at-my-domain.com>
OK
RCPT TO:<user-at-my-domain.com>
OK
DATA
<--past the fake message below in a second time-->
<--or any other message that has bad mime parts for that matter-->
.
OK <message_id>
QUIT
just remove the *'s before feeding the message in the SMTP DATA command.
<BEGIN_FAKE_MESSAGE>
*Message-ID: <20041020024823.82385.qmail@???>
*Received: from [69.102.13.153] by web11502.mail.yahoo.com via HTTP;
* Thu, 04 Nov 2004 19:48:23 PDT
*Date: Thu, 04 Nov 2004 19:48:23 -0700 (PDT)
*From: Someone <some-user-at-yahoo@???>
*Subject: exiscan testing
*To: Someone <some-user-at-your-domain@???>
*MIME-Version: 1.0
*Content-Type: multipart/alternative;
* boundary="0-419322518-1098240503=:82280"
*
*--0-419322518-1098240503=:82280
*Content-Type: text/plain; charset=us-ascii
*Content-Transfer-Encoding: base64
*
*c29tZXRoaW5nIGlzIGhlc%%$$mU=
*
*--0-419322518-1098240503=:82280--
</END_FAKE_MESSAGE>
--
--EAL--
--
