A user managed to submit an email to a local_part beginning with a colon
(:info@domain).
Normally this would be rejected early on, but their mail client managed
to sneak the offending character in by wrapping it in double quotes ...
(":info"@domain).
This then caused a paniclog entry, because I was using $local_part in a
DB lookup: "... and users.lhs='$local_part' and ..." and the message
remained undelivered. Every time the queue is run, this message panics
again.
Normally with a leading colon, I get a 501 rejection; hiding it in
quotes produces a 421 error instead.
Here is the full header data from the actual message, copied from the
queue (no data has been obscured):
> 1QRd2d-0001rZ-Al-H
> Debian-exim 108 112
> <fena@???>
> 1306902503 0
> -helo_name fena-Bavastros-iMac.local
> -host_address 60.234.145.50.50985
> -host_auth plain
> -interface_address 60.234.72.142.587
> -received_protocol esmtpsa
> -aclm 0 31
> clamd:/var/run/clamav/clamd.ctl
> -body_linecount 606
> -max_received_linelength 113
> -auth_id fena@???
> -deliver_firsttime
> -tls_cipher TLS1.0:RSA_AES_256_CBC_SHA1:32
> XX
> 2
> info@???
> ":info"@???
>
> 258P Received: from [60.234.145.50] (port=50985 helo=fena-Bavastros-iMac.local)
> by leela.turboweb.net.nz with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
> (Exim 4.71)
> (envelope-from <fena@???>)
> id 1QRd2d-0001rZ-Al; Wed, 01 Jun 2011 04:28:23 +0000
> 051I Message-ID: <4DE5BFE1.5080106@???>
> 038 Date: Wed, 01 Jun 2011 16:28:17 +1200
> 047F From: Fena Bavastro <fena@???>
> 114 User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10
> 018 MIME-Version: 1.0
> 068T To: Momentoes <info@???>, ": info"@???
> 020 Subject: Re: Lawyer
> 062 References: <007301cc1bfb$ee007390$ca015ab0$@???>
> 063 In-Reply-To: <007301cc1bfb$ee007390$ca015ab0$@???>
> 086 Content-Type: multipart/alternative;
> boundary="------------020402030109090600000307"
> 065 X-TW-Connection-From: 60.234.145.50:50985 at 2011-06-01 04:28:23
Here is a test manual telnet to the real affected server, using a local
recipient domain :-
> $ telnet leela.turboweb.net.nz 25
> Trying 60.234.72.142...
> Connected to leela.turboweb.net.nz.
> Escape character is '^]'.
> 220 leela.turboweb.net.nz ESMTP Exim 4.71 Tue, 07 Jun 2011 09:35:35 +0000
> helo jim
> 250 leela.turboweb.net.nz Hello jim [202.49.187.176]
> mail from:<jim@???>
> 250 OK
> rcpt to:<:info@???>
> 501 <:info@???>: missing or malformed local part
> quit
> 221 leela.turboweb.net.nz closing connection
> Connection closed by foreign host.
> $ telnet leela.turboweb.net.nz 25
> Trying 60.234.72.142...
> Connected to leela.turboweb.net.nz.
> Escape character is '^]'.
> 220 leela.turboweb.net.nz ESMTP Exim 4.71 Tue, 07 Jun 2011 09:36:03 +0000
> helo jim
> 250 leela.turboweb.net.nz Hello jim [202.49.187.176]
> mail from:<jim@???>
> 250 OK
> rcpt to:<":info"@???>
> 421 Unexpected failure, please try later
> quit
> 221 leela.turboweb.net.nz closing connection
What can I do that will prevent such a malformed address from being
accepted and causing knock-on failures in future?
I tried playing with a test in acl_test_rcpt for this on a scratch
system, but didn't manage to get it right, even though I remembered to
double the colons :-)
> deny message = Restricted characters in address
> local_parts = ^[./|] : ^.*[::@%!] : ^.*/\\.\\./
-jim
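
Added example (not part of the original post, and a model rather than Exim's own behaviour): the restricted-character test is applied to the local part after RFC 5321 quoting has been removed, and the users.lhs lookup uses a bound parameter so an unusual local part cannot break the query. The function names, the 550 replies, the example.test domain and the use of sqlite3 as a stand-in for the unnamed database are assumptions.

```python
import re
import sqlite3

# Restricted-character policy modelled on the ACL attempt in the post:
# leading . / |, any of : @ % ! anywhere, or a /../ sequence.
RESTRICTED = [re.compile(r"^[./|]"), re.compile(r"[:@%!]"), re.compile(r"/\.\./")]

def split_address(addr):
    """Split local-part@domain, honouring a quoted-string local part."""
    if addr.startswith('"'):
        m = re.match(r'"((?:[^"\\]|\\.)*)"@(.+)$', addr, re.S)
        if not m:
            raise ValueError("malformed quoted local part")
        # Strip the quotes and backslash escapes: this is the value a lookup sees.
        return re.sub(r"\\(.)", r"\1", m.group(1), flags=re.S), m.group(2)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local:
        raise ValueError("missing local part or domain")
    return local, domain

def rcpt_decision(addr, db):
    """Return a constructed SMTP-style reply for one RCPT address."""
    try:
        local, _domain = split_address(addr)
    except ValueError as exc:
        return f"501 {exc}"
    # Check the dequoted value, so ":info" and "\":info\"" are treated alike.
    if any(p.search(local) for p in RESTRICTED):
        return "550 Restricted characters in address"
    # Bound parameter: the local part never becomes part of the SQL text.
    row = db.execute("SELECT 1 FROM users WHERE lhs = ?", (local,)).fetchone()
    return "250 Accepted" if row else "550 Unknown user"

def demo_db():
    """Constructed sample table with a single mailbox, 'info'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (lhs TEXT)")
    db.execute("INSERT INTO users VALUES ('info')")
    return db

if __name__ == "__main__":
    db = demo_db()
    for a in (':info@example.test', '":info"@example.test', 'info@example.test'):
        print(a, "->", rcpt_decision(a, db))
```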