Re: [exim] Long 'From:' header and verify = header_sender is…

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Long 'From:' header and verify = header_sender issue.
Bryan Rawlins wrote:
> On 6/22/2011 3:06 PM, Bryan Rawlins wrote:
>> Hello List,
>> I have been working with the coordinators for the Virus Bulletin Spam
>> test on an issue where our servers were returning "421 Unexpected
>> failure, please try later" in response to some messages relayed to us
>> through the competition server.
>>
>> It took some time to establish what the issue was because the only
>> trace of the messages in the Exim logs were one line like the following.
>>
>> +++ 1QZOwg-0002iz-Ix has not completed +++
>> 2011-06-22 11:02:24 [10477] 1QZOwg-0002iz-Ix string_sprintf expansion
>> was longer than 32768
>>
>> We finally determined that all the failed emails had one thing in
>> common, their From: header was 1000's of characters long. Every
>> example that we examined was obvious spam, so not accepting the
>> messages isn't really a problem, especially in production
>> environments. However, it would be nice if this type of error was
>> handled better. Attached is an example email that caused this error on
>> our system.
>>
>> Exim version 4.76
>> CentOS 4.7 (x64)
>>
>> log_selector = -retry_defer -queue_run -host_lookup_failed +pid
>> +queue_time_overall +subject +incoming_interface
>>
> Apparently I neglected to mention above that the failure was in the DATA
> ACL when 'verify=header_sender' was invoked.
>
> Pardon my omission.
>


Bryan,

The acl clause to test for that scenario has many options, there is more
than one way to go about it, and the choices as tgo how it acts and what
it 'says' are all in the hands of whomever writes the configure file.

A 'deny' class verb instead of 'defer' is one.

A clause can also carry a custom error message.

Two of those we have used for this sort of test include:

     message     = Broken Mailer Violates RFC standards!


     message     = Message composed incorrectly


And the 'log_message =' may be different, yet:

     log_message = D6 failed RFC syntax check


Anything more specific or creative is up to the implementor, so
'...handled better...' is whatever you wish it to be.

Exim JF does as it is told.

IF/AS/WHEN told...

;-)

Tell it what you want....

Bill

--
韓家標