https://bugs.exim.org/show_bug.cgi?id=2151
Bug ID: 2151
Summary: Callouts use SIZE value from MAIL FROM
Product: Exim
Version: 4.89
Hardware: All
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
Assignee: jgh146exb@???
Reporter: tony@???
CC: exim-dev@???
If a callout is done in a connection where a SIZE argument was provided in the
MAIL FROM, the SIZE is copied across to the callout (this was not the case in
4.86; I haven't checked 4.87 or 4.88, although it seems likely to be JH/07 in
4.89).
This means that Exim can cache "this server will not accept MAIL FROM", even
though the rejection was purely because of the size of that specific message,
and will then reject (via the cache) further messages that would be accepted.
The debug log has this in that case:
>>> Attempting full verification using callout
>>> callout cache: found domain record for mail.simplyspamfree.com
>>> callout cache: domain gave initial rejection, or does not accept HELO or MAIL FROM:<>
Exim version:
Exim version 4.89 #2 built 19-Jul-2017 23:21:25
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: iconv() DNSSEC Event PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz
dnsdb
Authenticators:
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /usr/exim/configure
Full configuration file:
keep_environment =
message_size_limit = 0
acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_rcpt:
deny
!verify = recipient/callout=2m,random
accept
begin routers
manual_mail:
debug_print = "R: manual_mail for $local_part@$domain"
driver = manualroute
host_find_failed = ignore
host_all_ignored = freeze
transport = remote_smtp
route_list = $domain "<, mail.simplyspamfree.com"
begin transports
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
Example SMTP conversation:
220 server1.test15.simplyspamfree.com ESMTP Exim 4.89 Wed, 19 Jul 2017 23:37:34
+0000
ehlo server14.seinternal.com
250-server1.test15.simplyspamfree.com Hello server14.seinternal.com
[213.133.99.176]
250-SIZE
250-8BITMIME
250-PIPELINING
250-CHUNKING
250 HELP
mail from:<tony@???> size=987654321
250 OK
rcpt to:<reject-rcpt@???>
550-Callout verification failed:
550 552 Message size exceeds maximum permitted
quit
221 server1.test15.simplyspamfree.com closing connection
Connection closed by foreign host.
Debug output for that connection:
7235 callout cache: no domain record found for mail.simplyspamfree.com
7235 dbfn_read: key=reject-rcpt@???
7235 callout cache: no address record found for
reject-rcpt@???
7235 closed hints database and lockfile
7235 interface=NULL port=25
7235 Connecting to mail.simplyspamfree.com [5.9.235.173]:25 ... 5.9.235.173 in
hosts_try_fastopen? no (option unset)
7235 connected
7235 read response data: size=77
7235 SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Thu, 20 Jul 2017
01:49:18 +0200
7235 5.9.235.173 in hosts_avoid_esmtp? no (option unset)
7235 SMTP>> EHLO server1.test15.simplyspamfree.com
7235 cmd buf flush 40 bytes
7235 read response data: size=142
7235 SMTP<< 250-mail.simplyspamfree.com Hello
server1.test15.simplyspamfree.com [5.79.78.147]
7235 250-SIZE 52428800
7235 250-8BITMIME
7235 250-PIPELINING
7235 250 HELP
7235 5.9.235.173 in hosts_avoid_pipelining? no (option unset)
7235 using PIPELINING
7235 not using DSN
7235 5.9.235.173 in hosts_require_auth? no (option unset)
7235 SMTP>> MAIL FROM:<> SIZE=987655345
7235 SMTP>> RCPT
TO:<server1.test15.simplyspamfree.com-1500508161-testing@???>
7235 cmd buf flush 117 bytes
7235 read response data: size=70
7235 SMTP<< 552 Message size exceeds maximum permitted
7235 bad response for MAIL
7235 SMTP<< 503 sender not yet given
7235 SMTP>> QUIT
7235 cmd buf flush 6 bytes
7235 read response data: size=48
7235 SMTP<< 221 mail.simplyspamfree.com closing connection
7235 SMTP(close)>>
I can get the bad value cached by doing a successful callout (no SIZE) to
accept@???, then a failed callout (SIZE) to
reject-rcpt@???. If I then try
accept@??? (no SIZE) it'll fail because of the cached
record for mail.simplyspamfree.com itself. If the successful cache entry isn't
there initially, this doesn't seem to happen, but I haven't investigated much,
since it seems clear that SIZE should not be used in the callout.
I have logs of the 4.86 behaviour if you want those (or could do in 4.87 or
4.89). Please let me know if there's any more information I can provide.
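Added example, not part of the original report and not Exim code: a Python script that scans Exim debug output in the format shown above for callouts whose MAIL FROM:<> carried SIZE and was refused with 552, which is the case the report describes as being cached against the whole domain. The sample log is constructed (made-up PIDs, hosts and addresses) and the function name is hypothetical.

```python
import re

# Constructed sample in the debug-output format shown in the report;
# the PIDs, host names and addresses are made up.
SAMPLE = """\
7235 Connecting to mx.example.test [192.0.2.25]:25 ... connected
7235 250-SIZE 52428800
7235 SMTP>> MAIL FROM:<> SIZE=987655345
7235 SMTP<< 552 Message size exceeds maximum permitted
7235 bad response for MAIL
7235 SMTP<< 503 sender not yet given
7301 Connecting to mx2.example.test [192.0.2.26]:25 ... connected
7301 SMTP>> MAIL FROM:<>
7301 SMTP<< 550 null sender not accepted
7301 bad response for MAIL
"""

CONNECT = re.compile(r"^(\d+) Connecting to (\S+) \[")
ADVERT = re.compile(r"^\d+ (?:SMTP<< )?250[- ]SIZE (\d+)")
MAIL = re.compile(r"^\d+ SMTP>> MAIL FROM:<>(?: SIZE=(\d+))?")
REPLY = re.compile(r"^\d+ SMTP<< (\d{3})")

def size_induced_rejections(log_text):
    """Find callouts whose MAIL FROM:<> carried SIZE and was refused with 552."""
    sessions, findings = {}, []
    for line in log_text.splitlines():
        pid = line.split(" ", 1)[0]
        if m := CONNECT.match(line):
            sessions[pid] = {"host": m[2], "limit": None, "sent": None,
                             "mail": False, "code": None}
            continue
        s = sessions.get(pid)
        if s is None:
            continue
        if m := ADVERT.match(line):
            s["limit"] = int(m[1])  # SIZE limit the callout target advertised
        elif m := MAIL.match(line):
            s["mail"], s["sent"] = True, int(m[1]) if m[1] else None
        elif (m := REPLY.match(line)) and s["mail"] and s["code"] is None:
            s["code"] = m[1]  # first reply after MAIL answers MAIL, even when pipelined
        elif line.endswith("bad response for MAIL"):
            if s["code"] == "552" and s["sent"] is not None:
                findings.append((s["host"], s["sent"], s["limit"]))
    return findings

if __name__ == "__main__":
    for host, sent, limit in size_induced_rejections(SAMPLE):
        print(f"{host}: callout sent SIZE={sent}, advertised limit {limit}")
```

A host reported here was refused because of the size copied into the callout, so a cached "does not accept MAIL FROM:<>" record for it is suspect; the second session in the sample (550 with no SIZE) is a genuine refusal and is not reported.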