[exim] verify = header_syntax unreliable?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Russell King at ->
Delete this message
Reply to this message
Author: Russell King
Date:  
To: exim-users
Subject: [exim] verify = header_syntax unreliable?
Hi,

I'm having something of a hard time at the moment tracking down this
problem... but what I've found so far seems to indicate that Exim 4.62
and 4.63 has some really odd behaviour.

First, let me describe how the problem has been noticed. Today, one of
my (about 2000) mailing list subscribers reported that he'd been bounced
off my mailing list, and asked me to investigate.

My mailing list server forwards messages to another machine to "explode"
to the list recipients. It appears that the exploder machine rejected
at least one message due to header syntax errors.

Sure enough, the offending message has a CC header consisting of: 

    Cc: David, Other Valid Addresses <blah@...>


which is, of course, invalid.

Now, the strange thing is, I run my MTAs with "deny verify = header_syntax"
in the acl_smtp_data - so the question is, how did this message get past
that check.

I received a copy of the offending message myself (messages from the list
server come direct to me rather than via the exploder.) I thought I'd
try some things out.

I bounced this message to root on the list server; which accepted it and
delivered it back to me. In total, I tried about 10 times and every time
it was accepted, disabling TLS and auth just in case those were affecting
it. I even tried adding: 

  warn    log_message   = content check 1


  warn    !senders      = :
          log_message   = content check 2


  warn    !verify       = header_syntax
          log_message   = content check 3


  deny    !senders      = :
          !verify       = header_syntax
          message       = Your message has invalid To, CC or From headers


  warn    log_message   = content check 4


into the exim config file and re-hupping the daemon. I got messages for
1, 2 and 4, but not 3.

However, if I tried telnetting to the list server, typing the SMTP commands
manually, and pasting the message content in during the data phase, it seems
to always be rejected by that rule. Again, tried multiple times.

Strangely enough, if I bounce the message through the exploder from my
mailbox, the exploder accepts the message.

The offending message is attached; I bounced it one more time through
the list server and captured the log messages. You'll see from the
attached message that it does contain an invalid CC line.

2007-12-14 22:10:38 1J3Iju-0005m5-4U H=flint.arm.linux.org.uk [2002:4e20:1eda:1:201:2ff:fe14:8fad] I=[2002:4e20:1eda:1:201:3dff:fe00:156]:25 Warning: content check 1
2007-12-14 22:10:38 1J3Iju-0005m5-4U H=flint.arm.linux.org.uk [2002:4e20:1eda:1:201:2ff:fe14:8fad] I=[2002:4e20:1eda:1:201:3dff:fe00:156]:25 Warning: content check 2
2007-12-14 22:10:38 1J3Iju-0005m5-4U H=flint.arm.linux.org.uk [2002:4e20:1eda:1:201:2ff:fe14:8fad] I=[2002:4e20:1eda:1:201:3dff:fe00:156]:25 Warning: content check 4
2007-12-14 22:10:46 1J3Iju-0005m5-4U <= linux@??? H=flint.arm.linux.org.uk [2002:4e20:1eda:1:201:2ff:fe14:8fad] I=[2002:4e20:1eda:1:201:3dff:fe00:156]:25 P=esmtps X=TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32 S=4142 id=E1J3Ijp-0001vO-J5@??? T="Re: [PATCH 0/2] gpiolib: add support for PCA9539"
2007-12-14 22:10:51 1J3Iju-0005m5-4U => rmk@??? <rmk@???> R=router T=remote_smtp S=4227 H=flint.arm.linux.org.uk [2002:4e20:1eda:1:201:2ff:fe14:8fad] C="250 OK id=1J3Ik7-0001wy-BP"

lists.arm runs Debian Etch (Exim version 4.63 #1 built 20-Jan-2007 11:34:58)
zeniv (exploder) Fedora (Exim version 4.63 #1 built 04-Oct-2006 19:01:04)
flint (Exim version 4.62 #1 built 10-Dec-2006 21:03:30)

Of course, this still leaves the question about why (and how) the original
message got broken...

--
Russell King
From linux-arm-kernel-bounces+linux=arm.linux.org.uk@??? Fri Dec 14 16:31:18 2007
Return-path: <linux-arm-kernel-bounces+linux=arm.linux.org.uk@???>
Envelope-to: linux@???
Delivery-date: Fri, 14 Dec 2007 16:31:18 +0000
Received: from lists.arm.linux.org.uk ([2002:4e20:1eda:1:201:3dff:fe00:156])
    by flint.arm.linux.org.uk with esmtpa (Exim 4.62)
    (envelope-from <linux-arm-kernel-bounces+linux=arm.linux.org.uk@???>)
    id 1J3DRV-0003Zz-Eb
    for linux@???; Fri, 14 Dec 2007 16:31:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.arm.linux.org.uk)
    by lists.arm.linux.org.uk with esmtp (Exim 4.63)
    (envelope-from <linux-arm-kernel-bounces@???>)
    id 1J3DF0-0003s2-QB; Fri, 14 Dec 2007 16:18:23 +0000
Received: from mallaury.ipv6.nerim.net ([2001:7a8:1:5::82]
    helo=mallaury.nerim.net)
    by lists.arm.linux.org.uk with esmtp (Exim 4.63)
    (envelope-from <khali@???>) id 1J3DDU-0003rr-Pu
    for linux-arm-kernel@???;
    Fri, 14 Dec 2007 16:17:17 +0000
Received: from hyperion.delvare (jdelvare.pck.nerim.net [62.212.121.182])
    by mallaury.nerim.net (Postfix) with ESMTP id 405D24F3E0;
    Fri, 14 Dec 2007 17:16:37 +0100 (CET)
Date: Fri, 14 Dec 2007 17:16:46 +0100
From: Jean Delvare <khali@???>
To: "eric miao" <eric.y.miao@???>
Subject: Re: [PATCH 0/2] gpiolib: add support for PCA9539
Message-ID: <20071214171646.0fe5a876@???>
In-Reply-To: <f17812d70712100137h3aa0056bq78b0efb92d072891@???>
References: <f17812d70712100137h3aa0056bq78b0efb92d072891@???>
X-Mailer: Sylpheed-Claws 2.5.5 (GTK+ 2.10.6; x86_64-suse-linux-gnu)
Mime-Version: 1.0
Cc: David, Linux Kernel list <linux-kernel@???>, i2c@???,
    linux-arm-kernel <linux-arm-kernel@???>
X-BeenThere: linux-arm-kernel@???
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: ARM Linux kernel discussions <linux-arm-kernel.lists.arm.linux.org.uk>
List-Unsubscribe: <http://lists.arm.linux.org.uk/mailman/listinfo/linux-arm-kernel>,
    <mailto:linux-arm-kernel-request@lists.arm.linux.org.uk?subject=unsubscribe>
List-Archive: <http://lists.arm.linux.org.uk/pipermail/linux-arm-kernel>
List-Post: <mailto:linux-arm-kernel@lists.arm.linux.org.uk>
List-Help: <mailto:linux-arm-kernel-request@lists.arm.linux.org.uk?subject=help>
List-Subscribe: <http://lists.arm.linux.org.uk/mailman/listinfo/linux-arm-kernel>,
    <mailto:linux-arm-kernel-request@lists.arm.linux.org.uk?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: linux-arm-kernel-bounces@???
Errors-To: linux-arm-kernel-bounces+linux=arm.linux.org.uk@???
Status: RO
X-Status: A
Content-Length: 849
Lines: 22


Hi Eric,

On Mon, 10 Dec 2007 17:37:05 +0800, eric miao wrote:
> Support for PCA9539 as a GPIO chip is separated into two patches:
>
> 0001 - gpiolib: basic support for 16-bit PCA9539 GPIO expander
> 0002 - gpiolib: add Generic IRQ support for 16-bit PCA9539 GPIO expander
>
> the 2nd one uses workqueue for IRQ handling due to the interrupt mode
> nature of the i2c-core, thus making it a separate patch.

Note that the situation could change according to the discussion in
this thread:
http://lists.lm-sensors.org/pipermail/i2c/2007-December/002378.html

--
Jean Delvare 

-------------------------------------------------------------------
List admin: http://lists.arm.linux.org.uk/mailman/listinfo/linux-arm-kernel
FAQ:        http://www.arm.linux.org.uk/mailinglists/faq.php
Etiquette:  http://www.arm.linux.org.uk/mailinglists/etiquette.php


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] BATV and sender verification.Re: [exim] verify = header_syntax unreliable?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)