[exim-dev] [Bug 2151] New: Callouts use SIZE value from MAIL…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2151] New: Callouts use SIZE value from MAIL FROM
https://bugs.exim.org/show_bug.cgi?id=2151

            Bug ID: 2151
           Summary: Callouts use SIZE value from MAIL FROM
           Product: Exim
           Version: 4.89
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb@???
          Reporter: tony@???
                CC: exim-dev@???


If a callout is done in a connection where a SIZE argument was provided in the
MAIL FROM, the SIZE is copied across to the callout (this was not the case in
4.86; I haven't checked 4.87 or 4.88, although it seems likely to be JH/07 in
4.89).

This means that Exim can cache "this server will not accept MAIL FROM", even
though the rejection was purely because of the size of that specific message,
and will then reject (via the cache) further messages that would be accepted.
The debug log has this in that case:

>>> Attempting full verification using callout
>>> callout cache: found domain record for mail.simplyspamfree.com
>>> callout cache: domain gave initial rejection, or does not accept HELO or MAIL FROM:<>


Exim version:

Exim version 4.89 #2 built 19-Jul-2017 23:21:25
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: iconv() DNSSEC Event PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz dnsdb
Authenticators:
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /usr/exim/configure

Full configuration file:

keep_environment =
message_size_limit = 0
acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_rcpt:
  deny
    !verify                = recipient/callout=2m,random
  accept
begin routers
manual_mail:
  debug_print = "R: manual_mail for $local_part@$domain"
  driver = manualroute
  host_find_failed = ignore
  host_all_ignored = freeze
  transport = remote_smtp
  route_list = $domain "<, mail.simplyspamfree.com"
begin transports
remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp


Example SMTP conversation:

220 server1.test15.simplyspamfree.com ESMTP Exim 4.89 Wed, 19 Jul 2017 23:37:34 +0000
ehlo server14.seinternal.com
250-server1.test15.simplyspamfree.com Hello server14.seinternal.com [213.133.99.176]
250-SIZE
250-8BITMIME
250-PIPELINING
250-CHUNKING
250 HELP
mail from:<tony@???> size=987654321
250 OK
rcpt to:<reject-rcpt@???>
550-Callout verification failed:
550 552 Message size exceeds maximum permitted
quit
221 server1.test15.simplyspamfree.com closing connection
Connection closed by foreign host.

Debug output for that connection:

 7235 callout cache: no domain record found for mail.simplyspamfree.com
 7235 dbfn_read: key=reject-rcpt@???
 7235 callout cache: no address record found for reject-rcpt@???
 7235 closed hints database and lockfile
 7235 interface=NULL port=25
 7235 Connecting to mail.simplyspamfree.com [5.9.235.173]:25 ... 5.9.235.173 in hosts_try_fastopen? no (option unset)
 7235 connected
 7235 read response data: size=77
 7235   SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Thu, 20 Jul 2017 01:49:18 +0200
 7235 5.9.235.173 in hosts_avoid_esmtp? no (option unset)
 7235   SMTP>> EHLO server1.test15.simplyspamfree.com
 7235 cmd buf flush 40 bytes
 7235 read response data: size=142
 7235   SMTP<< 250-mail.simplyspamfree.com Hello server1.test15.simplyspamfree.com [5.79.78.147]
 7235          250-SIZE 52428800
 7235          250-8BITMIME
 7235          250-PIPELINING
 7235          250 HELP
 7235 5.9.235.173 in hosts_avoid_pipelining? no (option unset)
 7235 using PIPELINING
 7235 not using DSN
 7235 5.9.235.173 in hosts_require_auth? no (option unset)
 7235   SMTP>> MAIL FROM:<> SIZE=987655345
 7235   SMTP>> RCPT TO:<server1.test15.simplyspamfree.com-1500508161-testing@???>
 7235 cmd buf flush 117 bytes
 7235 read response data: size=70
 7235   SMTP<< 552 Message size exceeds maximum permitted
 7235 bad response for MAIL
 7235   SMTP<< 503 sender not yet given
 7235   SMTP>> QUIT
 7235 cmd buf flush 6 bytes
 7235 read response data: size=48
 7235   SMTP<< 221 mail.simplyspamfree.com closing connection
 7235   SMTP(close)>>


I can get the bad value cached by doing a successful callout (no SIZE) to
accept@???, then a failed callout (SIZE) to
reject-rcpt@???. If I then try
accept@??? (no SIZE) it'll fail because of the cached
record for mail.simplyspamfree.com itself. If the successful cache entry isn't
there initially, this doesn't seem to happen, but I haven't investigated much,
since it seems clear that SIZE should not be used in the callout.

I have logs of the 4.86 behaviour if you want those (or could do in 4.87 or
4.89). Please let me know if there's any more information I can provide.

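
A log check for the behaviour reported above, as an added example that is not part of the original message or of Exim's code: it scans Exim debug output for callouts whose MAIL FROM carried a SIZE and was answered with 552, the rejections that risk being cached as a domain-wide failure. The sample log is constructed (hostnames and addresses are placeholders), and the line shapes are assumed to match the debug output quoted in the report.

```python
import re

# Line shapes assumed to match the Exim debug output quoted in the report.
CONNECT = re.compile(r"^\s*(\d+) Connecting to (\S+) \[")
ADVERT = re.compile(r"^\s*(\d+)\s+(?:SMTP<< )?250[- ]SIZE (\d+)")
MAIL = re.compile(r"^\s*(\d+)\s+SMTP>> MAIL FROM:<[^>]*>(?: SIZE=(\d+))?")
REPLY = re.compile(r"^\s*(\d+)\s+SMTP<< (\d{3})")
BADMAIL = re.compile(r"^\s*(\d+) bad response for MAIL")

# Constructed sample; hosts and addresses are placeholders.
SAMPLE = """\
 7235 Connecting to mx.example.test [192.0.2.10]:25 ... connected
 7235   SMTP<< 250-mx.example.test Hello client.example.test [192.0.2.20]
 7235          250-SIZE 52428800
 7235          250 HELP
 7235   SMTP>> MAIL FROM:<> SIZE=987655345
 7235   SMTP<< 552 Message size exceeds maximum permitted
 7235 bad response for MAIL
 7301 Connecting to mx.example.test [192.0.2.10]:25 ... connected
 7301   SMTP>> MAIL FROM:<>
 7301   SMTP<< 550 Administrative prohibition
 7301 bad response for MAIL
"""

def _new(host=None):
    return {"host": host, "limit": None, "size": None, "code": None}

def find_size_rejected_callouts(debug_text):
    """Return callouts whose MAIL carried SIZE and drew a 552 reply."""
    sessions, findings = {}, []
    for line in debug_text.splitlines():
        if m := CONNECT.match(line):
            sessions[m[1]] = _new(m[2])  # one record per process id
        elif m := ADVERT.match(line):
            sessions.setdefault(m[1], _new())["limit"] = int(m[2])
        elif m := MAIL.match(line):
            sessions.setdefault(m[1], _new())["size"] = int(m[2]) if m[2] else None
        elif m := REPLY.match(line):
            sessions.setdefault(m[1], _new())["code"] = m[2]
        elif m := BADMAIL.match(line):
            s = sessions.get(m[1])
            # Size-specific rejection: says nothing about the domain in general.
            if s and s["size"] is not None and s["code"] == "552":
                over = s["limit"] is not None and s["size"] > s["limit"]
                findings.append({"pid": m[1], "host": s["host"], "size": s["size"],
                                 "limit": s["limit"], "over_limit": over})
    return findings

if __name__ == "__main__":
    for f in find_size_rejected_callouts(SAMPLE):
        print(f)
```

Hosts reported here are candidates for checking whether later callout rejections came from the cache rather than from the remote server.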