Here's a copy of the message I sent to [EMAIL PROTECTED] regarding a bug in
the flame.org patch; since it's fairly serious (rejecting valid messages
that follow identified spam in a single SMTP conversation) I thought I'd
post it here in case others were using it.
Brian
---------- Forwarded message ----------
Date: Thu, 14 Sep 2000 11:08:15 -0700 (PDT)
From: Brian Behlendorf <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: bug in flame-patches-1.03-1.6.2.diff, patch provided.
Uh, there appears to be a serious bug in your flame patches - if a remote
MTA transfers multiple messages over the same SMTP conversation (i.e.,
sends a message, and instead of closing the SMTP conversation, starts a
new message) then if one message in that stream exceeded the badheader
threshold and is rejected, then all subsequent ones in that stream will
also be rejected.
I noticed this when the apache.org mail box was down for a little bit and
when it came back up, the backup MX streamed a bunch of messages to it,
and a whole series of them failed. Here's a good illustration of the
problem:
Sep 13 11:41:10 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:11 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:19 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:21 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R
Sep 13 11:41:41 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:41 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO
zuul.interlinksystems.com) 0/1000/R
Sep 13 11:41:51 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:52 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R
Sep 13 11:41:54 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:54 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <>
<[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO
zuul.interlinksystems.com) 0/1000/R
Sep 13 11:41:55 locus qmail-smtpd[43346]: Received: from unknown (HELO
zuul.interlinksystems.com)
Sep 13 11:41:55 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <>
<[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO
zuul.interlinksystems.com) 0/1000/R
As you can see, the [EMAIL PROTECTED] was a badheaders spam, but the
rest of the ones after that also failed. Baaad.
I think the following patch appears to fix it:
locus# diff -C3 qmail-smtpd.c.old qmail-smtpd.c
*** qmail-smtpd.c.old Thu Sep 14 11:07:06 2000
--- qmail-smtpd.c Thu Sep 14 11:04:31 2000
***************
*** 843,848 ****
--- 843,849 ----
if (remotehost)
log_helo();
headerthresh = 0;
+ headeralways = ALWAYS_RATE;
blast(&hops);
hops = (hops >= MAXHOPS);
if (hops) qmail_fail(&qqt);
I tested it and it appears to not block subsequent requests if the first
one fails. I could be misunderstanding your code though.
Thoughts?
Brian
