First, a bug: Base64Enc.cpp: decode64() references two bytes of data
before validating that the passed text is at least that long. To fix,
add:
if (inlen>1)
before the existing code, which begins:
if (in[0]=="+" && in[1]==' ')
Also, errors are mis-handled in SMTPHandleCmd_DATA(), causing the wrong
error number to propagate up to the caller. Because this only occurs
when some error has occurred, it has apparently gone unnoticed, but is
evident if you try to return an error other than the one that the
distributed 1.10 release returns. The existing code is not affected by
this defect in any way (but I had to address it to implement the content
filter described below).
In the case of SMTPHandleCmd_DATA(), the problem can be overridden near
the end of where the code calls ErrorPush(), then does some things, then
does iErrorCode=ErrorPop(). Fixed by changing the pop to:
ErrSetErrorCode(iErrorCode=ErrorPop()). This still does not address
issues with the handling of pszSmtpError, however. Error handling in
this and related functions is imprecise and really needs to be
overhauled, as pszSmtpError and iErrorCode (and the error code set by
ErrSetErrorCode()) are frequently not handled as a unit and can end up
disagreeing with each other (e.g., the error code comes from one error,
but the message from another). If a custom error message can be used,
then clearly ErrSetErrorCode(), ErrPush() and ErrPop() must handle not
only the error number, but the error message string as well.
Additionally, ErrPush() and ErrPop() really should implement an actual
stack instead of using a single variable. Left as-is, their names imply
that they can be used to safely store the current error condition across
calls to other arbitrary functions, when in fact they cannot.
===
Below is my current list of functional changes I have made in the
version of xmail (based on 1.10) that I run:
does not display the program name or version # on server banners.
Display of this information offers no advantage to a standards-based
service, and informs the world exactly which bugs you have.
The verbiage of most server result messages is changed. This is largely
nothing more than a matter of taste, but at least one typo is corrected
as well.
the response sent if the VRFY command is disabled is "252 Argument not
checked" per RFC 2505
server.tab changes
changed variables:
SMTP-RDNSCheck - additional anti-spam functionality (see below)
ReceivedHdrType - verbose headers (ReceivedHdrType=1) include the
result of the reverse lookup that is performed if SMTP-RDNSCheck is
nonzero. Example of the 1st line of the new header: Received: from
mx1.aol.com ([62.212.98.229] sled.net1.nerim.net)
CheckMailerDomain
0: do not check
1: check; on failure, refuse message
>1: check; on failure, introduce command delay of (value) seconds
between subsequent commands
new variables:
MTABanMessage (string) - message emitted if the sending MTA is
banned (by a spammers.tab entry)
SenderBanMessage (string) - message emitted if the sender is banned
(by a spam-address.tab entry)
These can be used to emit a message that includes an email address
(that will accept mail from the sender) to which bans can be contested.
ContentViolationsFatal (bool) - determines whether a message
rejected by the content filter results in a fatal (5xx) error, or a
transient (4xx) error. the latter causes spammers to retain mail on
their system until their configured retry time elapses. Normally I
wouldn't do something like this that intentionally forces an MTA to
retain the message with no hope of ever delivering it, but I decided
that spammers can kiss my 4xx.
ContentViolationMessage (string) - message sent if a message is
rejected by the content filter (default='Message refused')
ContentFilterLines (int) - # of message lines across which a content
filter entry checks for forbidden content. 0=disable content filtering,
1=line by line, >1=examine message using an n-line window.
ContentFilterLocalMail - (bool) 0=mail from local users is not
subjected to the content filter. I will be changing this shortly to use
a config file for exemptions instead of this flag.
SMTP log file changes
added ClientFQDN: result of SMTP-RDNSCheck lookup
Other changes
The format of intermediate message files changed to accommodate
reverse DNS lookup information (see SMTP-RDNSCheck and ReceivedHdrType)
(new field appears at end of existing fields in the spool file)
New configuration file filtcontent.tab: Message content filter -
rejects messages (including base64-encoded messages) based on their
content (see server.tab variables ContentViolation*, ContentFilter*)
==================
SMTP-RDNSCheck changes
MSB* LSB
rsss vvaa aaaa aaaa
r: reserved
s: success action
v: failure verb
a: failure argument
0x8000 (32768/-32767): reserved to avoid nuisances if sizeof(int)==2
==success actions == bits 0x7000
0x4000 (16384): if RDNS lookup succeeds, check it against
spam-address.tab
if listed, perform failure action in 0x0fff
if not listed, allow the connection
0x2000 (8192) : if RDNS lookup succeeds, perform DNS lookup on the
result.
if fails : perform the failure action in 0x0fff
if succeeds: allow the connection
0x1000 (4096) : validate the forward lookup performed by 0x2000
if matches the sending MTA's IP address: allow the
connection
does not match: perform failure action in bits
0x0fff
==failure actions == bits 0x0fff
==failure verbs == bits 0x0c00
0x0400 (1024) : activate inter-command pause (argument:
0x03ff=seconds)
0x0800 (2048) : disallow connection
0x0c00 (3072) : unused
==failure arguments == bits 0x03ff
if verb=0x0400:
0x03ff (0-1023): pause time (seconds) 1023=~17 minutes
* if sizeof(int)>2, (only) the least 16 bits are used and shown here.
===
Any comments on these are welcome.
---
T. Mike Howeth
http://www.tmike.com
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
