Re: [Mimedefang] Email injection and the android 'email' app
Am 06.03.2013 05:37, schrieb Richard Laager: As a result of this thread, we discussed and tested this in-house (on just one phone). I believe we did get a notification that the message didn't send, so that's good. What I thought when I first read this thread. Users will ignore notifications and swear afterwards that there was none. System ate my mail after clicking away a pop-up window saying Unknown recipient. That aside, is Android behaving any differently than Thunderbird, or many other mail clients? Getting a 5xx status code from the outgoing mail server seems to pop up a dialog and then leave the message in the outbox on the ones we tested. Thunderbird leaves the message composition window open in that case, which is arguably a clearer sign that the message wasn't sent. This leads to inconsistent behavior between local and remote destinations. I don't think it's inconsistent. Processes can fail at different stages, and people are (or should be) used to that. Specifically, mail transmission can fail at different stages, and notifications will differ depending on that. The popup right after clicking Send is just one more variant. So if you want consistency, accepting all recipients for authenticated senders (and then later generating bounces) seems to be the only option. IMHO that would be a very bad solution, reducing the usability of the server for the majority of users because of the (forgive me) stupidity of a few. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany signature.asc Description: OpenPGP digital signature ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, 5 Mar 2013 17:07:07 -0600 Les Mikesell lesmikes...@gmail.com wrote: There's no way you should break your setup to comply with a brain-dead Android app. Is having a submission server that doesn't know all of the domain addresses necessarily broken? I guess not, as long as only authenticated users can relay through the submission server. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, 05 Mar 2013 22:37:14 -0600 Richard Laager rlaa...@wiktel.com wrote: That aside, is Android behaving any differently than Thunderbird, or many other mail clients? Getting a 5xx status code from the outgoing mail server seems to pop up a dialog and then leave the message in the outbox on the ones we tested. In my mail client (Claws mail), you get an error popup and are left in the email composer window. It's pretty obvious that the mail didn't go through and why. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On 03/04/2013 06:30 PM, Dale Moore wrote: [...] I would suggest combination of per SMTP AUTH user bounce settings (possibly with auto change) AND scripted scanning logs for offenders. I hope you are not going to use another option mentioned without very good reason/very hard pressure. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, Mar 5, 2013 at 2:00 AM, Andrzej A. Filip andrzej.fi...@gmail.com wrote: On 03/04/2013 06:30 PM, Dale Moore wrote: [...] I would suggest combination of per SMTP AUTH user bounce settings (possibly with auto change) AND scripted scanning logs for offenders. I hope you are not going to use another option mentioned without very good reason/very hard pressure. Yes, consider what would happen in the more typical scenario of the authenticated 'submission host' server that you give out for your users _not_ knowing the user list for the domain. It is the somewhat accidental fact that yours does that triggers the problem, even if the problem really is in the submitting application. -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
--- On Tue, 3/5/13, Andrzej A. Filip andrzej.fi...@gmail.com wrote: On 03/04/2013 06:30 PM, Dale Moore wrote: [...] I would suggest combination of per SMTP AUTH user bounce settings (possibly with auto change) AND scripted scanning logs for offenders. Very BAD advice. This should be a rejection, not a bounce. There is a difference. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Mon, Mar 4, 2013 at 11:30 AM, Dale Moore dale.mo...@cs.cmu.edu wrote: The android 'email' app, will NOT take this 'permanent' failure as definitive, and instead try again shortly to resend the email. The email remains the the app's 'Outbox' . I currently have dozens of remote android client that connect to my smtp server that regularly attempt to send their same mis-addressed email dozens of times a day for weeks on end. Those aren't big numbers and it shouldn't bother your server much even if they were orders of magnitude higher... Why not just ignore it? Or do you want to improve the user's experience by getting a DNS in their inbox where they might see it - which is what would happen if the server where they submit didn't know the user list? -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
Those aren't big numbers and it shouldn't bother your server much even if they were orders of magnitude higher... Why not just ignore it? Or do you want to improve the user's experience by getting a DNS in their inbox where they might see it - which is what would happen if the server where they submit didn't know the user list? Exactly right. Looking back over my logs, this was only a couple of droids A few months ago. Now I must do this several times a month. Perhaps the result of a minor email education blitz. The load on the server is very low, but getting higher. But from the user experience standpoint it is a total failure. The users don't check their 'Outbox' on their android. They don't know why the email didn't get through. They didn't get any notification as to why their email didn't go through. They thought that they sent it. They are sure that they sent it. And the intended recipient sure didn't receive it. It does the right thing for other especially off-site email addresses. From the users perspective our system lost their email again. This application works for hundreds or thousands of other sites and it doesn't work for our system.From their perspective, our setup is just plain broken. Dale Moore -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, 5 Mar 2013 17:45:01 -0500 Dale Moore dale.mo...@cs.cmu.edu wrote: From the users perspective our system lost their email again. This application works for hundreds or thousands of other sites and it doesn't work for our system. From their perspective, our setup is just plain broken. I would file a bug with the authors of the application in question, and I'd notify all your users of the bug and advise them to switch to a different email application if they send mail via your servers. There's no way you should break your setup to comply with a brain-dead Android app. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, Mar 5, 2013 at 4:59 PM, David F. Skoll d...@roaringpenguin.com wrote: There's no way you should break your setup to comply with a brain-dead Android app. Is having a submission server that doesn't know all of the domain addresses necessarily broken? -- Les Mikesell lesmikes...@gmail.com ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, 2013-03-05 at 17:59 -0500, David F. Skoll wrote: There's no way you should break your setup to comply with a brain-dead Android app. As a result of this thread, we discussed and tested this in-house (on just one phone). I believe we did get a notification that the message didn't send, so that's good. However, the fact that we had to switch it into airplane mode to be able to delete from the outbox was very annoying. That aside, is Android behaving any differently than Thunderbird, or many other mail clients? Getting a 5xx status code from the outgoing mail server seems to pop up a dialog and then leave the message in the outbox on the ones we tested. This leads to inconsistent behavior between local and remote destinations. It's arguably good for local destinations, as you can fix the address typo before sending (thus avoiding breakage when people hit Reply to All, for example). But I don't think it'd be reasonable for the outgoing mail server to check the remote addresses at the RCPT TO stage so that it could (attempt to) provide the consistent behavior of (nearly) always rejecting at RCPT TO. So if you want consistency, accepting all recipients for authenticated senders (and then later generating bounces) seems to be the only option. -- Richard signature.asc Description: This is a digitally signed message part ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Email injection and the android 'email' app
I am a recent mailing list subscriber.
I am a longtime user of mimedefang.
I'd like to discuss email injection, which is not specifically a mimedefang
issue, but I will use mimedefang to implement what I'm discussing.
I have had the philosophy that it is better to reject an email via
SMTP protocol (550 5.1.1 No Such user here) instead of accepting an
email then later sending a Delivery Status Notification (DSN) that an email
could not be delivered.
That philosophy of early rejection is independent of
- whether the client had authenticated or not, and/or
- whether the email was for the local site or not.
This philosophy reduces network traffic, reduces mis-directed
DSN blowback (faked envelope mail from), and is just a cleaner
way of doing things.
A most curious behavior that I'm seeing is with the Android email app.
When an android user, using the default 'email' app,
attempts to send email to u...@this.site.example.com but the
user mistypes the email address as nosuchu...@this.site.example.com
the SMTP server for my domain (this.site.example.com) will respond with
550 5.1.1 No Such mailbox here nosuchu...@this.site.example.com
It responds with failure because the smtp server knows the local
domain this.site.example.com very well because it is the local domain.
And it knows all of the email addresses within that domain.
And it knows that nosuchu...@this.site.example.com is not valid.
It only makes sense to me to reject this email at this point.
The android 'email' app, will NOT take this 'permanent' failure as definitive,
and instead try again shortly to resend the email. The email remains the
the app's 'Outbox' . I currently have dozens of remote android client
that connect to my smtp server that regularly attempt to send their
same mis-addressed email dozens of times a day for weeks on end.
My guess is that this email client application wants my SMTP server to
always accept the email and send a DSN upon discovery of a problem.
We currently have several per account email settings stored in our
ldap directory that my mimedefang milters reference. These settings include
- Spam scoring thresholds
- greylisting settings
we are considering one that would do the following
- get the authenticated user id ($main::SendmailMacros{auth_authen})
- retrieve their LDAP bouce settings
- Use this bounce setting to decide whether to bounce or send a DSN.
Another option to attempt to solve this problem, is if my milters see this
behavior more times than some configurable threshold (say 10 times from
the same IP/envelope from/rcpt to/) is to
- adjust the servers behaviour by accepting the email and
- send a DSN that the email was probably mis-addressed.
That would cause the apps nagging to eventually stop, but at the expense
of a non-immediate feedback to the app user that he or she cant type.
Another option is some combination of the above.
Currently, to deal with this problem, I'm
- manually scanning the logs picking out such behavior
- personally notifying the users that their email isnt going out and why
- helping them put their droid in airplane mode
- helping them remove the offending message from their 'Outbox'
- helping them put their droid out of airplane mode
If your opinion is that the android app is wrong, I'll agree. But it is
becoming
so pervasive, we must find a better way of accomodating this email client app.
There are too many android users. We cant try to convince them that they should
use a different email app or adjust their settings for composing or reading
email.
I might as well hold back the tide as ask them to change their behavior.
I myself am an android app user.
Your ideas are appreciated. You can send your ideas to me directly and I will
summarize in a week. Or you can send them to this list.
Dale Moore
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On Mon, 4 Mar 2013 12:30:09 -0500 Dale Moore dale.mo...@cs.cmu.edu wrote: [Broken Android email app does not consider 5xx failure to be permanent, but keeps retrying.] Your ideas are appreciated. You can send your ideas to me directly and I will summarize in a week. Or you can send them to this list. I would take a scorched-earth approach. I would immediately lock the account of any user from whom I observed such behaviour and refuse to unlock it until the user replaces the email app with a non-broken version. You seem to be writing from a university, so you may be able to get away with this for students. Faculty/staff might need a somewhat more nuanced approach. :) Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
I would take a scorched-earth approach. I would immediately lock the account of any user from whom I observed such behaviour and refuse to unlock it until the user replaces the email app with a non-broken version. With that approach, I'm not sure that it is the earth that would end up being scorched. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
On 4 March 2013 19:30, Dale Moore dale.mo...@cs.cmu.edu wrote: [snip] Your ideas are appreciated. You can send your ideas to me directly and I will summarize in a week. Or you can send them to this list. Have you considered filling a report in Android's bug tracker with a link to the appropriate section in the relevant RFC? -- mișu ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Email injection and the android 'email' app
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 4 Mar 2013, David F. Skoll wrote: On Mon, 4 Mar 2013 12:30:09 -0500 Dale Moore dale.mo...@cs.cmu.edu wrote: [Broken Android email app does not consider 5xx failure to be permanent, but keeps retrying.] Your ideas are appreciated. You can send your ideas to me directly and I will summarize in a week. Or you can send them to this list. I would take a scorched-earth approach. I would immediately lock the account of any user from whom I observed such behaviour and refuse to unlock it until the user replaces the email app with a non-broken version. You seem to be writing from a university, so you may be able to get away with this for students. Faculty/staff might need a somewhat more nuanced approach. :) I do agree with David, er partly :-). There are plenty of alternatives for Android. @Dale, I would change your action from: - manually scanning the logs picking out such behavior - personally notifying the users that their email isnt going out and why - helping them put their droid in airplane mode - helping them remove the offending message from their 'Outbox' - helping them put their droid out of airplane mode to: - programmatically scanning the logs picking out such behavior - automatically notifying the users that their email isnt going out and why, e.g. point to a FAQ and/or send that FAQ page as attachment - helping them to install yet another mail client - helping them to get the old messages edited and on-wire finally - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUTWkPp8mjdm1m0FfAQIAEwf9GN71zEP2w5oDB4/3Qct4WjgF32qjr6ms o+ZoXme2ZOdmaCUuaQgwGbXXF7lc7Q8GVONUT8b1UCRyx+QvjFUkWEaom/jewJt6 Bjvdg6iTffg6tbID372xVZVdYzRAv61sDkJSrYwn2q+JrLjQJHj3LhvNCeqERcL4 dY1Nt3EsTDhJ7ggGmrZuBvyPlXXhTas4rD3GTpG+P0XOLCw61Jg/RoEAO7Q2PL5C NXnEH+I+u2CBU+mnEK3ev594ue+KEcXLd4hMCRDyLeq9KKqXg1fl7MUzvBVHJKUI g8Ek5rwy1l1mrY3CPnzBgpbOuI6MeGhS+RVy4vEQedPrO3Xss0tAtg== =yn3M -END PGP SIGNATURE- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
