289959Re: Status code of multiline responses logged
- Dec 7, 2012Florian Pritz:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
[ Charset UTF-8 unsupported, converting... ]
> I've just seen the following log entry:
> > postfix/smtp: A494013804C: host eggs.gnu.org[220.127.116.11] said: 451-Your sender e-mail address could not be verified. You're greylisted for 20 451 minutes. Come back later. (in reply to RCPT TO command)
> I know that the "451 " after in front of minutes is part of the SMTPYou assume that all response lines will have the same reply code,
> protocol, but I really think that postfix shouldn't log it like that.
> IMHO the log entry should either be split into one line per response
> line from the server or better yet, it should strip the status code from
> all but the first line.
but that is not necessarily true. If Postfix were to log the first
reply code only, then you would never be aware of the discrepancy.
> Is that behaviour intentional?Absolutely. If a site wants to use a complex reply layout, then
that is their business. Postfix never preserves line boundaries
in server SMTP responses, since they end up in logfiles, bounces
messages and so on, and could be used in an attack to mis-lead
users or programs that process the replies.
I suppose you have heard of carriage returns or newlines being used
to inject false messages into logfiles, splitting http replies, and
In Postfix I work hard to avoid such bugs.
- << Previous post in topic Next post in topic >>