Loading ...
Sorry, an error occurred while loading the content.

Bug in Postfix 2.10.2 milter interface regarding sender/recipient rewrite?

Expand Messages
  • Benoit Panizzon
    Hello We use MIMEDefang to do spam/virus scanning and also to forward emails in a SRS compatible way, count bounces and do some phishing detection. Now I have
    Message 1 of 11 , Dec 24, 2013
    • 0 Attachment
      Hello

      We use MIMEDefang to do spam/virus scanning and also to forward emails in a
      SRS compatible way, count bounces and do some phishing detection.

      Now I have found out, that sometimes the functions to change the sender or
      delete / add recipients do not work.

      Its is mostly reproducable with this set-up:

      A local user, say: benoit@...

      Has configured to forward his address to:

      test1@...
      test2@...
      test3@...

      MIMEDefang doest this:

      compute SRS sender
      change_sender($srs-sender)
      delete_recipient(benoit@...)
      add_recipient(test1@...)
      add_recipient(test1@...)
      add_recipient(test1@...)

      This works, the sender is rewriten, the email is received by all three
      external recipients.

      Now that user wants to still have a copy deliviered to his inbox:

      MIMEDefang doest this:

      compute SRS sender
      change_sender($srs-sender)
      add_recipient(test1@...)
      add_recipient(test1@...)
      add_recipient(test1@...)

      The only diference is, that I don't delete the recipient.

      Now my MIMEDefang debug output show, that all the parts changing sender and
      recipients are run. I even get a RESULT file in the MIMEDefang spool directory
      that contains all the changes.

      But postfix then ignores those changes and delivers the email only via lmtp
      and only to benoit@.... The sender also is not being rewritten.

      I did als try:

      compute SRS sender
      change_sender($srs-sender)
      delete_recipient(benoit@...)
      add_recipient(benoit@...)
      add_recipient(test1@...)
      add_recipient(test1@...)
      add_recipient(test1@...)

      Same result, only local delivery.

      Did I stubmle over a Postfix bug, or did I misconfigure something?
      Could somebody point me to how I could debug this problem to find the cause?

      And the very puzzling thing is, sometime the problem does not occur, but I
      have not yet found out how to reproduce.

      Kind regards

      Benoit Panizzon
      --
      I m p r o W a r e A G -
      ______________________________________________________

      Zurlindenstrasse 29 Tel +41 61 826 93 07
      CH-4133 Pratteln Fax +41 61 826 93 02
      Schweiz Web http://www.imp.ch
      ______________________________________________________
    • Wietse Venema
      What Postfix version?
      Message 2 of 11 , Dec 24, 2013
      • 0 Attachment
        What Postfix version?
      • moparisthebest
        I can t tell for sure because those emails are examples, but depending how you get the recipient to delete in the first place, you might be getting it with the
        Message 3 of 11 , Dec 24, 2013
        • 0 Attachment
          I can't tell for sure because those emails are examples, but depending how you get the recipient to delete in the first place, you might be getting it with the wrong case, refer to this thread:

          http://postfix.1071664.n5.nabble.com/case-related-milter-bug-td62886.html#a62890

          In short, the milter protocol sends a RCPT TO address twice, once in a macro, once in a R block. With sendmail these are always identical, case and all. With postfix, the macro is always lowercase, and the R block is the correct case which must be used in the delete.

          Benoit Panizzon <benoit.panizzon@...> wrote:
          Hello

          We use MIMEDefang to do spam/virus scanning and also to forward emails in a
          SRS compatible way, count bounces and do some phishing detection.

          Now I have found out, that sometimes the functions to change the sender or
          delete / add recipients do not work.

          Its is mostly reproducable with this set-up:

          A local user, say: benoit@...

          Has configured to forward his address to:

          test1@...
          test2@...
          test3@...

          MIMEDefang doest this:

          compute SRS sender
          change_sender($srs-sender)
          delete_recipient(benoit@...)
          add_recipient(test1@...)
          add_recipient(test1@...)
          add_recipient(test1@...)

          This works, the sender is rewriten, the email is received by all three
          external recipients.

          Now that user wants to still have a copy deliviered to his inbox:
          MIMEDefang doest this:

          compute SRS sender
          change_sender($srs-sender)
          add_recipient(test1@...)
          add_recipient(test1@...)
          add_recipient(test1@...)

          The only diference is, that I don't delete the recipient.

          Now my MIMEDefang debug output show, that all the parts changing sender and
          recipients are run. I even get a RESULT file in the MIMEDefang spool directory
          that contains all the changes.

          But postfix then ignores those changes and delivers the email only via lmtp
          and only to benoit@.... The sender also is not being rewritten.

          I did als try:

          compute SRS sender
          change_sender($srs-sender)
          delete_recipient(benoit@...)
          add_recipient(benoit@...)
          add_recipient(test1@...)
          add_recipient(test1@...)
          add_recipient(test1@...)

          Same result, only local delivery.

          Did I stub mle over a Postfix bug, or did I misconfigure something?
          Could somebody point me to how I could debug this problem to find the cause?

          And the very puzzling thing is, sometime the problem does not occur, but I
          have not yet found out how to reproduce.

          Kind regards

          Benoit Panizzon

          --
          Sent from my Android device with K-9 Mail. Please excuse my brevity.
        • Wietse Venema
          What is the Postfix version. Milter support has evolved in the 8 years. Wietse
          Message 4 of 11 , Dec 24, 2013
          • 0 Attachment
            What is the Postfix version. Milter support has evolved in the 8 years.

            Wietse
          • Wietse Venema
            ... It will help if you configure master.cf to append -v to the cleanup line and then postfix reload . Then you can send the cleanup logging ( grep cleanup
            Message 5 of 11 , Dec 24, 2013
            • 0 Attachment
              Benoit Panizzon:
              > compute SRS sender
              > change_sender($srs-sender)
              > delete_recipient(benoit@...)
              > add_recipient(benoit@...)
              > add_recipient(test1@...)
              > add_recipient(test1@...)
              > add_recipient(test1@...)
              >
              > Same result, only local delivery.

              It will help if you configure master.cf to append -v to the cleanup
              line and then "postfix reload".

              Then you can send the cleanup logging ("grep cleanup /the/maillog/file").
              Private (off-list) email is OK.

              Wietse
            • Benoit Panizzon
              ... As per Subject: 2.10.2 :-) Mit freundlichen Gr�ssen Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________
              Message 6 of 11 , Dec 27, 2013
              • 0 Attachment
                Am Tuesday, 24. December 2013, 14.29:04 schrieb Wietse Venema:
                > What Postfix version?

                As per Subject: 2.10.2 :-)

                Mit freundlichen Grüssen

                Benoit Panizzon
                --
                I m p r o W a r e A G -
                ______________________________________________________

                Zurlindenstrasse 29 Tel +41 61 826 93 07
                CH-4133 Pratteln Fax +41 61 826 93 02
                Schweiz Web http://www.imp.ch
                ______________________________________________________
              • Benoit Panizzon
                Hi Thank you for this hint. ... Nope, that is most probably not the problem I face, as in this case at least the add_recipients would have to be executed. But
                Message 7 of 11 , Dec 27, 2013
                • 0 Attachment
                  Hi

                  Thank you for this hint.

                  > I can't tell for sure because those emails are examples, but depending how
                  > you get the recipient to delete in the first place, you might be getting
                  > it with the wrong case, refer to this thread:
                  >
                  > http://postfix.1071664.n5.nabble.com/case-related-milter-bug-td62886.html#a
                  > 62890
                  >
                  > In short, the milter protocol sends a RCPT TO address twice, once in a
                  > macro, once in a R block. With sendmail these are always identical, case
                  > and all. With postfix, the macro is always lowercase, and the R block is
                  > the correct case which must be used in the delete.

                  Nope, that is most probably not the problem I face, as in this case at least
                  the add_recipients would have to be executed.

                  But my observation is, if the problem occurs, none of the sender / recipient
                  changes are executed, as if postfix completely ignores the milter
                  instructions.

                  Mit freundlichen Grüssen

                  Benoit Panizzon
                  --
                  I m p r o W a r e A G -
                  ______________________________________________________

                  Zurlindenstrasse 29 Tel +41 61 826 93 07
                  CH-4133 Pratteln Fax +41 61 826 93 02
                  Schweiz Web http://www.imp.ch
                  ______________________________________________________
                • Wietse Venema
                  Message 8 of 11 , Dec 27, 2013
                  • 0 Attachment
                    Wietse Venema:
                    > Benoit Panizzon:
                    > > compute SRS sender
                    > > change_sender($srs-sender)
                    > > delete_recipient(benoit@...)
                    > > add_recipient(benoit@...)
                    > > add_recipient(test1@...)
                    > > add_recipient(test1@...)
                    > > add_recipient(test1@...)
                    > >
                    > > Same result, only local delivery.
                    >
                    > It will help if you configure master.cf to append -v to the cleanup
                    > line and then "postfix reload".
                    >
                    > Then you can send the cleanup logging ("grep cleanup /the/maillog/file").
                    > Private (off-list) email is OK.
                    >
                    > Wietse
                    >
                  • Benoit Panizzon
                    Hi Just to let you know if someone runs into the same problem... sender/recipient changes are not valid during the RCPT TO: Milter phase (filter_recipient of
                    Message 9 of 11 , Jan 2, 2014
                    • 0 Attachment
                      Hi

                      Just to let you know if someone runs into the same problem...

                      sender/recipient changes are not valid during the 'RCPT TO:' Milter phase
                      (filter_recipient of MIMEDefang). In that phase you can only accept, reject or
                      tempfail recipients). Adding/Removing recipients and changing the sender have
                      to be done in the DATA phase (filter_begin or later in MIMEDefang).

                      Interrestingly postfix accepts them during rcpt to, but somehow the milter
                      communication remains in an unstable state.

                      Mit freundlichen Grüssen

                      Benoit Panizzon
                      --
                      I m p r o W a r e A G -
                      ______________________________________________________

                      Zurlindenstrasse 29 Tel +41 61 826 93 07
                      CH-4133 Pratteln Fax +41 61 826 93 02
                      Schweiz Web http://www.imp.ch
                      ______________________________________________________
                    • moparisthebest
                      I believe that is just how the milter protocol is supposed to work, in sendmail as well as postfix. ... -- Sent from my Android device with K-9 Mail. Please
                      Message 10 of 11 , Jan 2, 2014
                      • 0 Attachment
                        I believe that is just how the milter protocol is supposed to work, in sendmail as well as postfix.

                        Benoit Panizzon <benoit.panizzon@...> wrote:
                        Hi

                        Just to let you know if someone runs into the same problem...

                        sender/recipient changes are not valid during the 'RCPT TO:' Milter phase
                        (filter_recipient of MIMEDefang). In that phase you can only accept, reject or
                        tempfail recipients). Adding/Removing recipients and changing the sender have
                        to be done in the DATA phase (filter_begin or later in MIMEDefang).

                        Interrestingly postfix accepts them during rcpt to, but somehow the milter
                        communication remains in an unstable state.

                        Mit freundlichen Grüssen

                        Benoit Panizzon

                        --
                        Sent from my Android device with K-9 Mail. Please excuse my brevity.
                      • Wietse Venema
                        ... That is INCORRECT. Postfix DOES NOT accept modify requests before end-of-data and instead logs a warning (as can be trivially seen from source code). 1343
                        Message 11 of 11 , Jan 2, 2014
                        • 0 Attachment
                          Benoit Panizzon:
                          > Hi
                          >
                          > Just to let you know if someone runs into the same problem...
                          >
                          > sender/recipient changes are not valid during the 'RCPT TO:' Milter phase
                          > (filter_recipient of MIMEDefang). In that phase you can only accept, reject or
                          > tempfail recipients). Adding/Removing recipients and changing the sender have
                          > to be done in the DATA phase (filter_begin or later in MIMEDefang).
                          >
                          > Interrestingly postfix accepts them during rcpt to,

                          That is INCORRECT. Postfix DOES NOT accept modify requests before
                          end-of-data and instead logs a warning (as can be trivially seen
                          from source code).

                          1343 default:
                          1344 if (event == SMFIC_BODYEOB) {
                          1345 switch (cmd) {
                          1346
                          1347 #define MILTER8_HDR_SPACE(m) (((m)->ev_mask & SMFIP_HDR_LEADSPC) ? "" : 1347 " ")
                          1348
                          1349 /*
                          1350 * Modification request: replace, insert or delete
                          ...
                          1564 }
                          1565 msg_warn("milter %s: unexpected filter response %s after eve 1565 nt %s",

                          > but somehow the milter communication remains in an unstable state.

                          I suspect that MIMEDefang sits on top of libmilter. I know that
                          libmilter enforces proper ordering of requests. That would explain
                          the stability issue that you see.

                          Wietse
                        Your message has been successfully submitted and would be delivered to recipients shortly.