Loading ...
Sorry, an error occurred while loading the content.

289959Re: Status code of multiline responses logged

Expand Messages
  • Wietse Venema
    Dec 7, 2012
    • 0 Attachment
      Florian Pritz:

      Checking application/pgp-signature: FAILURE
      -- Start of PGP signed section.
      [ Charset UTF-8 unsupported, converting... ]
      > Hi,
      >
      > I've just seen the following log entry:
      > > postfix/smtp[21188]: A494013804C: host eggs.gnu.org[208.118.235.92] said: 451-Your sender e-mail address could not be verified. You're greylisted for 20 451 minutes. Come back later. (in reply to RCPT TO command)
      ...
      > I know that the "451 " after in front of minutes is part of the SMTP
      > protocol, but I really think that postfix shouldn't log it like that.
      > IMHO the log entry should either be split into one line per response
      > line from the server or better yet, it should strip the status code from
      > all but the first line.

      You assume that all response lines will have the same reply code,
      but that is not necessarily true. If Postfix were to log the first
      reply code only, then you would never be aware of the discrepancy.

      > Is that behaviour intentional?

      Absolutely. If a site wants to use a complex reply layout, then
      that is their business. Postfix never preserves line boundaries
      in server SMTP responses, since they end up in logfiles, bounces
      messages and so on, and could be used in an attack to mis-lead
      users or programs that process the replies.

      I suppose you have heard of carriage returns or newlines being used
      to inject false messages into logfiles, splitting http replies, and
      so on.

      In Postfix I work hard to avoid such bugs.

      Wietse
    • Show all 8 messages in this topic