In message <20131023193228.38cf83e2@sage>, you wrote: >On Wed, 23 Oct 2013 16:12:12 -0700 >"Ronald F. Guilmette" <r...@tristatelogic.com> wrote: > >> I believe that you may be on to something here, but it is more than >> just Postfix seeing a \n\n and believeing that it had encountered the >> end of the headers. It is possible that something in the input >> stream I gave it signaled to it the end of *all* input (not just >> headers) but that is still perplexing. What character or character >> sequence would do that? > >Sometimes if the string has a null character, "\0", it won't read pass >it. This, of course, is a bug but determining what piece of software is >doing it will be difficult.
Actually, I think now that something _other than_ a mere null byte is causing Postfix to get a bit confused, but as regards to "what piece of software" is losing its way, it is most definitely Postfix, since my Perl script is piping data directly into that. Anyway, just a few moments ago I realized/remembered that Postfix is trying to _parse_ the headers it is given. This is part of its job... so that it can do wonderful and useful things, like as attaching @domain to (local) e-mail addresses that don't already have that. So anyway, I also then realized that yes, Postfix's parsing of the From: header(s) contained within the data I was feeding it probaby failed, utterly, and *not* because there's any actual ``fault'' in Postfix, but rather because the gobbledegook that my attacker was putting into the web contact form didn't add up to anything that actually constituted anything like an even remotely parseable e-mail address, according to current RFC rules. So this is my current/new theory, i.e. that the attacker _didn't_ actually manage to compromise me or execute any code on my system, but that he _did_ manage to pass in some really twisted and sick strings (where there should have been either a person's name or a person's e-mail address) and then Postfix, perhaps not surprisingly, wasn't able to parse that, and as a result it threw up its hands (in disgust?) after one too many parsing errors. Well, it's a theory anyway. I hope it is correct, because it is making me feel better already. (I *was* seriously* worried that I had been compromised, even if only slightly. Even executing only under the rather limited local `www' account/user, an unauthorized outsider could undoubtedly do a lot of mischief that I wouldn't like.) Regards, rfg -- To unsubscribe, e-mail: beginners-unsubscr...@perl.org For additional commands, e-mail: beginners-h...@perl.org http://learn.perl.org/
