Bug#658651: lists.debian.org: violates 8BITMIME specification
tag 658651 wontfix thanks brian m. carlson schrieb am Samstag, den 04. Februar 2012: Package: lists.debian.org Severity: normal Sometimes I receive messages from lists.debian.org that violate the 8BITMIME specification. In order for a mail to be sent with the 8BITMIME tag, it must be MIME. Sending messages that are not MIME (such as those lacking a MIME-Version header field) are not valid candidates for 8BITMIME. For anti-spam reasons and for reasons of general Internet health and public order, my mail server does not accept 8bit messages that are not MIME (sendmail's 8bitmime=strict option), and so you get an SMTP rejection (and I receive an email) every time this occurs. I suspect this is true for other mail servers as well. Rejecting these invalid messages will likely decrease the amount of spam you receive. Regardless, sending valid data is to be encouraged. It would be nice if you made sure lists.debian.org does not emit ill-formed or invalid messages. We follow the postfix recommendations: strict_8bitmime (default: no) Enable both strict_7bit_headers and strict_8bitmime_body. This feature should not be enabled on a general purpose mail server, because it is likely to reject legitimate email. And in my experience, this recommendation is valid. Alex -- Alexander Wirt, formo...@formorer.de CC99 2DDD D39E 75B0 B0AA B25C D35B BC99 BC7D 020A -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#658651: lists.debian.org: violates 8BITMIME specification
Hallo! Du (brian m. carlson) hast geschrieben: For anti-spam reasons and for reasons of general Internet health and public order, my mail server does not accept 8bit messages that are not MIME (sendmail's 8bitmime=strict option), and so you get an SMTP rejection (and I receive an email) every time this occurs. I suspect this is true for other mail servers as well. Rejecting these invalid messages will likely decrease the amount of spam you receive. Regardless, sending valid data is to be encouraged. It would be nice if you made sure lists.debian.org does not emit ill-formed or invalid messages. Please respect the Precedence-Header: list we also send with each mail, so you MTA shouldn't reject a mail from us, but silently drop it. Yours, Cord, Debian Listmaster of the day -- http://lists.debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#658651: lists.debian.org: violates 8BITMIME specification
On Mon, Feb 06, 2012 at 06:53:15PM +, Cord Beermann wrote: Hallo! Du (brian m. carlson) hast geschrieben: For anti-spam reasons and for reasons of general Internet health and public order, my mail server does not accept 8bit messages that are not MIME (sendmail's 8bitmime=strict option), and so you get an SMTP rejection (and I receive an email) every time this occurs. I suspect this is true for other mail servers as well. Rejecting these invalid messages will likely decrease the amount of spam you receive. Regardless, sending valid data is to be encouraged. It would be nice if you made sure lists.debian.org does not emit ill-formed or invalid messages. Please respect the Precedence-Header: list we also send with each mail, so you MTA shouldn't reject a mail from us, but silently drop it. Sendmail doesn't provide an option for that. It provides three options for 8BITMIME handling, one of which is strict. That option makes sendmail reject the message if it is not valid 8BITMIME; it does not provide any hooks to manipulate or inspect it (e.g. to determine the contents of the header). The other two options accept the mail anyway (DJB's just-send-eight) or convert it if necessary (impossible since the data is not MIME). I'm asking you to please fix your mail server so that it doesn't send or relay invalid data. exim tends to be broken WRT 8BITMIME, which is exactly why I don't use it. I honestly think it's completely legitimate to reject data that doesn't comply with the standards, and making the sender bear that burden is the right thing to do, IMO. Otherwise the sender has no motivation to change their behavior. I understand Postel's Law, but that was before security concerns and spam and it assumes everyone is acting in good faith, which is demonstrably not the case on the Internet today. You, of course, are free to do nothing and nothing will change. But as I said before, I'd like you to please give some thought to fixing it. If you choose not to, you are free to mark the bug as wontfix but please do not close it (since it is not fixed). -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature
Bug#658651: lists.debian.org: violates 8BITMIME specification
severity 658651 minor tag 658651 wontfix help thanks On Mon, 06 Feb 2012, brian m. carlson wrote: I'm asking you to please fix your mail server so that it doesn't send or relay invalid data. exim tends to be broken WRT 8BITMIME, which is exactly why I don't use it. There are a few reasonable alternatives: 1) We fix the mail to be proper 8 bit mime 2) We follow Postel's law and resend the message since it can actually be understood, possibly adding to the spam score if the message appears to be 8bitmime but isn't actually a valid mime message. For those following along at home who wish to do 1, ldo uses postfix, not exim. Don Armstrong -- Of course Pacman didn't influence us as kids. If it did, we'd be running around in darkened rooms, popping pills and listening to repetitive music. http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#658651: lists.debian.org: violates 8BITMIME specification
On Mon, Feb 06, 2012 at 04:04:53PM -0800, Don Armstrong wrote: On Mon, 06 Feb 2012, brian m. carlson wrote: I'm asking you to please fix your mail server so that it doesn't send or relay invalid data. exim tends to be broken WRT 8BITMIME, which is exactly why I don't use it. There are a few reasonable alternatives: 1) We fix the mail to be proper 8 bit mime I don't know how you can do this. The major case that I see is an email containing 8bit data but that is not MIME. Since the message is not MIME, it does not contain a Content-Type header. The default content type is therefore text/plain; charset=us-ascii. However, since the message contains 8bit data, it is obviously not ASCII. How is the mail server to determine the proper character set?[0] If a character set is not provided, the data are useless since they cannot be displayed reliably. Guessing character sets has proven to be a bad idea in general. Omitting the charset parameter in a synthesized Content-Type: text/plain header would result in it being valid MIME, but since the default charset is us-ascii, the data would still be useless. 2) We follow Postel's law and resend the message since it can actually be understood, possibly adding to the spam score if the message appears to be 8bitmime but isn't actually a valid mime message. I just want to point out that even debian-security-announce sometimes has 8bit non-MIME messages, so you might want to take announce lists into account when scoring. Many of the invalid messages appear to be legitimate email for the lists. Some are clearly spam. The issue is using the protocol correctly, not stopping spam (although that is a pleasant side effect). Of course, this alternative still sends invalid data, so you'll continue to get SMTP rejects. This also would not fix this bug. There are also a few other alternatives: 3) Do not accept 8bit messages that are not MIME. This will catch a decent amount of spam, IME. It also forces the sender to fix his/her mail setup. This makes generating Content-Type headers (and charset parameters) the job of the sending MUA, which is the only place which can possibly know the charset for certain. 4) Accept and silently discard 8bit messages that are not MIME. This is probably not an acceptable alternative, but I proposed it for completeness. [0] Distinguishing between the ISO-8859 variants requires language analysis of the text in order to get a reasonable guess and even then distinguishing ISO-8859-1 and ISO-8859-15 may just not be possible for a non-human. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature
Bug#658651: lists.debian.org: violates 8BITMIME specification
Package: lists.debian.org Severity: normal Sometimes I receive messages from lists.debian.org that violate the 8BITMIME specification. In order for a mail to be sent with the 8BITMIME tag, it must be MIME. Sending messages that are not MIME (such as those lacking a MIME-Version header field) are not valid candidates for 8BITMIME. For anti-spam reasons and for reasons of general Internet health and public order, my mail server does not accept 8bit messages that are not MIME (sendmail's 8bitmime=strict option), and so you get an SMTP rejection (and I receive an email) every time this occurs. I suspect this is true for other mail servers as well. Rejecting these invalid messages will likely decrease the amount of spam you receive. Regardless, sending valid data is to be encouraged. It would be nice if you made sure lists.debian.org does not emit ill-formed or invalid messages. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-rt-amd64 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature