On 2011-06-22 at 15:06 -0400, Bryan Rawlins wrote:
> I have been working with the coordinators for the Virus Bulletin
> Spam test on an issue where our servers were returning "421 Unexpected
> failure, please try later" in response to some messages relayed to us
> through the competition server.
>
> It took some time to establish what the issue was because the only
> trace of the messages in the Exim logs was one line like the following.
>
> +++ 1QZOwg-0002iz-Ix has not completed +++
> 2011-06-22 11:02:24 [10477] 1QZOwg-0002iz-Ix string_sprintf expansion
> was longer than 32768
>
> We finally determined that all the failed emails had one thing in
> common, their From: header was 1000's of characters long. Every example
> that we examined was obvious spam, so not accepting the messages isn't
> really a problem, especially in production environments. However, it
> would be nice if this type of error was handled better.

The size checks are explicit, to protect against buffer attacks, so I
believe that there are no security issues here; it is handled better than
a crash would be. :)

I agree that the error message is less than helpful; on the other hand,
I'm cautious about the idea of undoing the panic handling, to let a
normal message be returned. It *might* be reasonable to have a "context
stack" which can be reported in the panic line.

Against this, it shouldn't be possible for a remote person to choose to
insert content into the panic log; that should always be for major site
issues, not individual mails.

Could you please open a feature request at <http://bugs.exim.org/>, and
feel free to assign it directly to me?

Thanks,
-Phil
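
The "context stack" idea from the reply above, sketched as an added example; it is not Exim's code and not from either poster. The names `ctx_push`, `ctx_pop` and `checked_sprintf` and the context labels are hypothetical. Only the 32768 limit comes from the log line in the thread, and what the caller does on failure (panic or reject) is left open.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_LIMIT 32768   /* the limit printed in the log line quoted above */
#define CTX_DEPTH 8

/* Hypothetical context stack: labels are string literals picked by the
   program, never message data, so a sender cannot steer log content. */
static const char *ctx_stack[CTX_DEPTH];
static int ctx_top = 0;

void ctx_push(const char *label) { if (ctx_top < CTX_DEPTH) ctx_stack[ctx_top++] = label; }
void ctx_pop(void) { if (ctx_top > 0) ctx_top--; }

/* Format into out (at least FMT_LIMIT bytes). Returns 0 on success. On
   overflow returns -1, empties out, and fills diag with the limit and the
   context labels only; the oversized data is never copied into diag. */
int checked_sprintf(char *out, char *diag, size_t diag_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, FMT_LIMIT, fmt, ap);   /* explicit size check */
    va_end(ap);
    if (n >= 0 && n < FMT_LIMIT) return 0;

    out[0] = '\0';                                /* no truncated result */
    size_t used = (size_t)snprintf(diag, diag_len,
        "expansion was longer than %d; context:", FMT_LIMIT);
    for (int i = 0; i < ctx_top && used < diag_len; i++)
        used += (size_t)snprintf(diag + used, diag_len - used, " %s", ctx_stack[i]);
    return -1;
}

int main(void)
{
    static char out[FMT_LIMIT], from[40001];      /* constructed sample input */
    char diag[256];
    memset(from, 'A', sizeof from - 1);           /* a From: value 40000 chars long */

    ctx_push("receive");
    ctx_push("header From:");
    if (checked_sprintf(out, diag, sizeof diag, "From: %s\n", from) != 0)
        printf("%s\n", diag);
    ctx_pop();
    ctx_pop();
    return 0;
}
```

The diagnostic names where the overflow happened without echoing any of the oversized header, which keeps sender-controlled bytes out of the log line.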