Re: [exim] 4.87 and acl_check_data

Góra strony
Delete this message
Reply to this message
Autor: Evgeniy Berdnikov
Data:  
Dla: exim-users
Temat: Re: [exim] 4.87 and acl_check_data
Good day.

On Tue, Apr 12, 2016 at 02:37:37PM +0300, Evgeniy Berdnikov wrote:
>
> Exim 4.87 is shipped with a body line length check condition:
>
> acl_check_data:
>
>   # Deny if the message contains an overlong line.  Per the standards
>   # we should never receive one such via SMTP.
>   #
>   deny    condition  = ${if > {$max_received_linelength}{998}}

>
> After upgrade I found two issues: 1. mails, composed by MS Outlook 14,
> are sometimes rejected due to oversized of even malformed header
> "References:", 2. in my configuration bounces are sent through the same
> mail relay and are blocked by this rule, because they include headers
> of the original mail with oversized lines. So bounces are lost and
> my users have no hints that their mails were dropped.
>
> Certainly, Outlook is buggy. But the absence bounce is much worse,
> regardless of its compliance to RFC. Moreover, there were no adequate
> diagnostic message in logs. I think messages from <> should not be
> checked for body line length, and propose this patch against 4.87:
>
> ------------------------------------------------------------------------
>
> --- ./src/configure.default.orig    2016-04-02 22:24:15.000000000 +0300
> +++ ./src/configure.default    2016-04-12 14:09:40.617384333 +0300
> @@ -513,7 +513,11 @@
>    # Deny if the message contains an overlong line.  Per the standards
>    # we should never receive one such via SMTP.
>    #
> -  deny    condition  = ${if > {$max_received_linelength}{998}}
> +  deny
> +    !senders   = :
> +    message    = Maximum body line length is $max_received_linelength \
> +            (over 998 chars limit), message rejected.
> +    condition  = ${if > {$max_received_linelength}{998}}

>
>    # Deny if the message contains a virus. Before enabling this check, you
>    # must install a virus scanner and set the av_scanner option above.

>
> ------------------------------------------------------------------------


Well, another problem was found with remote_smtp transport. Version 4.87
is shipped with
---------------------------------------------------------------------------
# This transport is used for delivering messages over SMTP connections.
# Refuse to send any message with over-long lines, which could have
# been received other than via SMTP. The use of message_size_limit to
# enforce this is a red herring.

remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
---------------------------------------------------------------------------

First, it contradicts to my proposal to deliver DSNs regardless of its
conformance to RFC. Such check should be done at a message reception time,
in acl_check_data (for SMTP) or acl_not_smtp (for non-SMTP), not at a time
of message ejection to the net. Moreover, anyone can configure and use
custom transport (LMTP, for example), without such limitation, then mails
would be passed or bounced depending which transport is used for address.
So I think such condition for remote_smtp transport is really ugly,
it should be removed from Exim distribution.
--
Eugene Berdnikov