Re: [exim] Long 'From:' header and verify = header_sender is…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: W B Hacker
Date:  
À: exim users
Sujet: Re: [exim] Long 'From:' header and verify = header_sender issue.
Bryan Rawlins wrote:
> On 6/23/2011 2:07 PM, W B Hacker wrote:
>> It 'should' give you an in-session rejection, AND NOT cause a failure
>> here (Exim 4.73, modified source, on OpenBSD 4.9 AMD-64, Exim ).
> Indeed it did reject in-session. Honestly outside of the competition I
> have not seen a single instance of this occurring. But we disable many
> at SMTP time checks because of the way the competition works. I suspect
> 'in the wild' our ACL's are robust enough to prevent malformed messages
> like the example from getting in.
>
> LOG: MAIN
> <= bryan.rawlins@??? U=root P=local S=141748
> id=20110622181026.J507J048OX@??? T="\367\301\333\311
> \317\302\337\321\327\314\305\316\311\321 \302\325\304\325\324
> \316\301\310\317\304\311\324\330 \314\300\304\311"
> delivering 1QZoXV-0008K8-Ad
> Connecting to mail.conducive.org [203.194.153.81]:25 from 172.30.0.118
> ... connected
> SMTP<< 220 ESMTP Thu, 23 Jun 2011 18:22:08 +0000
> SMTP>> EHLO filtered.onlymyemail.com
> SMTP<< 250-conducive.org Hello filtered.onlymyemail.com [216.234.108.239]
> 250-SIZE 2097152000
> 250-COLDBEER
> 250-STARTTLS
> 250 HELP
> SMTP>> STARTTLS
> SMTP<< 220 TLS go ahead
> SMTP>> EHLO filtered.onlymyemail.com
> SMTP<< 250-conducive.org Hello filtered.onlymyemail.com [216.234.108.239]
> 250-SIZE 2097152000
> 250-COLDBEER
> 250-AUTH PLAIN LOGIN
> 250 HELP
> SMTP>> MAIL FROM:<bryan.rawlins@???> SIZE=143562
> SMTP<< 250 OK
> SMTP>> RCPT TO:<wbh@???>
> SMTP<< 250 Accepted
> SMTP>> DATA
> SMTP<< 354 Enter message, ending with "." on a line by itself
> SMTP>> writing message and terminating "."
> SMTP<< 550 X-Junk: Message composed incorrectly
> SMTP>> QUIT
> LOG: MAIN
> ** wbh@??? R=dnslookup T=remote_smtp: SMTP error from remote
> mail server after end of data: host mail.conducive.org [203.194.153.81]:
> 550 X-Junk: Message composed incorrectly
> LOG: MAIN
> <= <> R=1QZoXV-0008K8-Ad U=mail P=local S=142714 T="Mail delivery
> failed: returning message to sender"
> LOG: MAIN
> Completed QT=7s


OK.

Here is what MY log showed;

=============================

2011-06-23 18:22:05 [26275] SMTP connection from [216.234.108.239]:58174
I=[203.194.153.81]:25 (TCP/IP connection count = 1)

2011-06-23 18:22:09 [1845] H=filtered.onlymyemail.com
[216.234.108.239]:58174 I=[203.194.153.81]:25 Warning: R5
wbh@??? is a valid recipient

2011-06-23 18:22:12 [1845] 1QZoXa-0000Tl-4J **** log string overflowed
log buffer ****

2011-06-23 18:22:12 [1845] 1QZoXa-0000Tl-4J H=filtered.onlymyemail.com
[216.234.108.239]:58174 I=[203.194.153.81]:25
F=<bryan.rawlins@???> rejected after DATA: D6 Syntax fail
RFC2822 syntax check C5= 5: missing or malformed local part: failing
address in "From:" header begins:
=?koi8-r?B?IPDF1NXIz9cgPD0/a29pOC1yP0I/NTlMSng4L1N5Y29nNWNiSnpjLw==?=
=?koi8-r?B?WElEdzlQMnR2YVRndGNqOUNQemc0V0ZONFpHSkNTVkJJVEE9PT89CQ==?=
=?koi8-r?B?PT9rb2k4LXI/Qj9lamxtVFhoa1kyZFFSREF2WVRJNWNFOURNWGxRTQ==?=
=?koi8-r?B?RWt2VTFVNWJWVkVRakJrYTNnMlQxZE9iZz09Pz0JPT9rb2k4LXI/Qg==?=
=?koi8-r?B?P1ZVRTlQVDg5Q1QwL2EyOXBPQzF5UDBJL1VrUkJkbGxVU1RWalJUbA==?=
=?koi8-r?B?RVRWaHNVVTFGYTNaVk1RPT0/PQk9P2tvaTgtcj9CP1ZUVlVWa3AxWQ==?=
=?koi8-r?B?MFUxVFUxV2JETlVNRTAxVjFaT1ZsVnFUbEJXYTBZMVdrRTlQVDg5Qw==?=
=?koi8-r?B?VDAvYXc9PT89CT0/a29pOC1yP0I/YjJrNExYSS9RajlSVkRBNVVIbw==?=
=?koi8-r?B?d1NsQlVPWEppTW1zMFRGaEpMMUZxT1d0aVZWcFdWMnBPVXc9PT89CQ==?=
=?koi8-r?B?PT9rb2k4LXI/Qj9ZVzFHY1dKRlVsWlRTRUpZV2xkNGExSnNXbGxhUQ==?=
=?koi8-r?B?VDA5UHowSlBUOXJiMms0TFhJL1FqOVdhdz09Pz0JPT9rb2k4LXI/Qg==?=
=?koi8-r?B?P01VZFRhbFpoVmpOQ2VsWldXbUZYVjBwSVkwVTVVMDFzU2xOV1YzUg==?=
=?koi8-r?B?R1QxWkNWVTlFYkVSVlZBPT0/PQk9P2tvaTgtcj9CP01EbFFlakJLVQ==?=
=?koi8-r?B?RlE1Y21KM1BUMC9QUWs5UDJ0dmFUZ3RjajlDUDJGVVozUmphamxEVQ==?=
=?koi8-r?B?REZDVlE9PT89CT0/a29pOC1yP0I/VDFoS

2011-06-23 18:22:12 [1845] SMTP connection from filtered.onlymyemail.com
[216.234.108.239]:58174 I=[203.194.153.81]:25 closed by QUIT

==========================

Of interest:

A) 'log string overflowed buffer'. But that did not cause a failure,
only an information message.

B) The speficis of the D6 acl triggered:

====

   # DATA_6: IF header address  NOT syntactically correct THEN deny.
   #
   deny
     !condition  = ${if eq{$acl_m0}{1}}
     message     = X-Junk: Message composed incorrectly
     log_message = D6 Syntax fail RFC2822 syntax check C5= $acl_m5
     !verify     = header_syntax
     set acl_m2  = $acl_m2  Invalid header syntax=5
     set acl_m5  = ${eval:$acl_m5 + 5}


===

The variables have to do with:

- exemptions from testing ($acl_m0)

- a now-largely-deprecated 'demerit' system and its messages
($acl_m2 and $acl_m5).

Note the 'C5 ...' et al - part of a cumulative string finally spit-out
at the end of processing.

So the meat' is simply;

====

   deny
     message     = X-Junk: Message composed incorrectly
     log_message = D6 Syntax fail RFC2822 syntax check C5= $acl_m5
     !verify     = header_syntax


====

In this case, the default log entry would have overflowed, but the
custom 'log_message' one did not.

So long as nothing crashes, or is mis-handled, I don't see that as a bug.

Log entry lines are limited to a TOTAL of 1024 characters - a pragmatic
choice for most users.

IF/AS/WHEN I want more than that, I use an SQL INSERT.

FWIW, 'COLDBEER' presently available is limited by a retirement budget
to Yuengling Old and Negra Modelo.

And I don't ship...

;-)

Bill
--
韓家標