[exim] Problems with colons in addresses

Inizio della pagina
Delete this message
Reply to this message
Autore: Jim Cheetham
Data:  
To: exim-users
Oggetto: [exim] Problems with colons in addresses
A user managed to submit an email to a local_part beginning with a colon
(:info@domain)

Normally this would be rejected early on, but their mail client managed
to sneak the offending character in by wrapping it in double quotes ...
(":info"@domain)

This then caused a paniclog entry, because I was using $local_part in a
DB lookup : "... and users.lhs='$local_part' and ..." and the message
remained undelivered. Every time the queue is run, this message panics
again.

Normally with a leading colon, I get a 501 rejection; hiding it in
quotes produces a 421 error instead.

Here is the full header data from the actual message, copied from the
queue (no data has been obscured)

> 1QRd2d-0001rZ-Al-H
> Debian-exim 108 112
> <fena@???>
> 1306902503 0
> -helo_name fena-Bavastros-iMac.local
> -host_address 60.234.145.50.50985
> -host_auth plain
> -interface_address 60.234.72.142.587
> -received_protocol esmtpsa
> -aclm 0 31
> clamd:/var/run/clamav/clamd.ctl
> -body_linecount 606
> -max_received_linelength 113
> -auth_id fena@???
> -deliver_firsttime
> -tls_cipher TLS1.0:RSA_AES_256_CBC_SHA1:32
> XX
> 2
> info@???
> ":info"@???
>
> 258P Received: from [60.234.145.50] (port=50985 helo=fena-Bavastros-iMac.local)
>         by leela.turboweb.net.nz with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
>         (Exim 4.71)
>         (envelope-from <fena@???>)
>         id 1QRd2d-0001rZ-Al; Wed, 01 Jun 2011 04:28:23 +0000
> 051I Message-ID: <4DE5BFE1.5080106@???>
> 038  Date: Wed, 01 Jun 2011 16:28:17 +1200
> 047F From: Fena Bavastro <fena@???>
> 114  User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10
> 018  MIME-Version: 1.0
> 068T To: Momentoes <info@???>, ": info"@???
> 020  Subject: Re: Lawyer
> 062  References: <007301cc1bfb$ee007390$ca015ab0$@???>
> 063  In-Reply-To: <007301cc1bfb$ee007390$ca015ab0$@???>
> 086  Content-Type: multipart/alternative;
>  boundary="------------020402030109090600000307"
> 065  X-TW-Connection-From: 60.234.145.50:50985 at 2011-06-01 04:28:23


Here is a test manual telnet to the real affected server, using a local
recipient domain :-

> $ telnet leela.turboweb.net.nz 25
> Trying 60.234.72.142...
> Connected to leela.turboweb.net.nz.
> Escape character is '^]'.
> 220 leela.turboweb.net.nz ESMTP Exim 4.71 Tue, 07 Jun 2011 09:35:35 +0000
> helo jim
> 250 leela.turboweb.net.nz Hello jim [202.49.187.176]
> mail from:<jim@???>
> 250 OK
> rcpt to:<:info@???>
> 501 <:info@???>: missing or malformed local part
> quit
> 221 leela.turboweb.net.nz closing connection
> Connection closed by foreign host.


> $ telnet leela.turboweb.net.nz 25
> Trying 60.234.72.142...
> Connected to leela.turboweb.net.nz.
> Escape character is '^]'.
> 220 leela.turboweb.net.nz ESMTP Exim 4.71 Tue, 07 Jun 2011 09:36:03 +0000
> helo jim
> 250 leela.turboweb.net.nz Hello jim [202.49.187.176]
> mail from:<jim@???>
> 250 OK
> rcpt to:<":info"@???>
> 421 Unexpected failure, please try later
> quit
> 221 leela.turboweb.net.nz closing connection


What can I do that will prevent such a malformed address from being
accepted and causing knock-on failures in future?

I tried playing with a test in acl_test_rcpt for this on a scratch
system, but didn't manage to get it right, even though I remembered to
double the colons :-)

> deny    message     = Restricted characters in address
>         local_parts = ^[./|] : ^.*[::@%!] : ^.*/\\.\\./ 


-jim