Spectacularly misconfigured mail server



  • I've missed out on the chance to write “--- snipped $foo lines ---” until now, but my time has come. I sent a site a message via their contact form yesterday, and the message bounced back to me. This isn't anything out of the ordinary, except that the bounce mail was 1572 kB. Although King Belgarion has awarded me the Wordiest Posts award, I didn't write over 1 megabyte of text to this poor bloke.

    The bounce was a bit odd -- “The attached message had PERMANENT fatal delivery errors!” followed by a session transcript ending in:

     Tue 2008-01-15 14:32:15: [806:12] <-- 354 Enter mail, end with "." on a line by itself
     Tue 2008-01-15 14:32:15: [806:12] Sending <xxxxxxxxxxxxxxxxxxxxxxxx\pd50000379374.msg> to [194.63.248.17]
     Tue 2008-01-15 14:32:21: [806:12] Transfer Complete
     Tue 2008-01-15 14:32:22: [806:12] <-- 552 5.6.0 Headers too large (32768 max)
     Tue 2008-01-15 14:32:22: [806:12] --> QUIT

    Attached was a copy of the mail, that went as follows:

    Received: from mail.enternett.no by enternett.no (MDaemon PRO v9.6.3)
    	with ESMTP id md50001007856.msg
    	for <redacted@aasland.org>; Tue, 15 Jan 2008 14:32:09 +0100
    Received: from mail.enternett.no by enternett.no (MDaemon PRO v9.6.3)
    	with ESMTP id md50001007840.msg
    	for <redacted@aasland.org>; Tue, 15 Jan 2008 14:31:57 +0100
    Received: from mail.enternett.no by enternett.no (MDaemon PRO v9.6.3)
    	with ESMTP id md50001007826.msg
    	for <redacted@aasland.org>; Tue, 15 Jan 2008 14:31:43 +0100
    Received: from mail.enternett.no by enternett.no (MDaemon PRO v9.6.3)
    	with ESMTP id md50001007812.msg
    	for <redacted@aasland.org>; Tue, 15 Jan 2008 14:31:32 +0100
    Received: from mail.enternett.no by enternett.no (MDaemon PRO v9.6.3)
    	with ESMTP id md50001007794.msg
    	for <redacted@aasland.org>; Tue, 15 Jan 2008 14:31:21 +0100
    
    --- Snip 15,711 lines ---
    
    Received: from localhost.localdomain ([217.68.104.204])
    	by enternett.no (mail.enternett.no [217.68.104.195])
    	(MDaemon PRO v9.6.3)
    	with ESMTP id md50000933596.msg
    	for <redacted@no-nonsense-software.com>; Mon, 14 Jan 2008 16:50:31 +0100
    Content-Disposition: inline
    Content-Length: 2072
    Content-Transfer-Encoding: binary
    Content-Type: text/plain
    MIME-Version: 1.0
    X-Mailer: MIME::Lite 3.01 (F2.71; B2.12; Q2.03)
    Date: Mon, 14 Jan 2008 15:50:28 UT
    From: public@telcontar.net
    To: redacted@no-nonsense-software.com
    Subject: No Nonsense Software feedback
    X-MDAV-Processed: mail.enternett.no, Mon, 14 Jan 2008 16:50:33 +0100
    X-MDAV-Processed: mail.enternett.no, Mon, 14 Jan 2008 16:50:41 +0100
    X-MDAV-Processed: mail.enternett.no, Mon, 14 Jan 2008 16:50:49 +0100
    X-MDAV-Processed: mail.enternett.no, Mon, 14 Jan 2008 16:51:01 +0100
    X-MDAV-Processed: mail.enternett.no, Mon, 14 Jan 2008 16:51:09 +0100
    
    --- Snip 4,123 lines ---
    
    X-MDHeloLookup-Result: pass smtp.helo=mail.enternett.no (ip=217.68.104.195) (mail.enternett.no)
    X-MDMailLookup-Result: pass smtp.mail=public@telcontar.net (ip=217.68.104.195) (mail.enternett.no)
    X-Spam-Processed: mail.enternett.no, Tue, 15 Jan 2008 14:32:09 +0100
    	(not processed: spam filter heuristic analysis disabled)
    X-MDRemoteIP: 217.68.104.195
    X-Return-Path: public@telcontar.net
    X-Envelope-From: public@telcontar.net
    X-MDaemon-Deliver-To: redacted@aasland.org

    And then the message.

    I think they broke something. No?



  • It's happening again!!!!111!!! Indeed, the more you look at the state of the net, the more convinced you become there's simply nothing new under the Sun =)



  • Imagine a config like (taken from the local exim mail server)

    ## TRANSPORT
    

    dcc:
    driver = pipe
    use_shell = true
    command = "/usr/local/bin/dccproc -A -t $recipients_count |
    /usr/local/bin/exim -oMr dcc -bS"
    user = dcc
    group = mail
    bsmtp = all
    prefix =

    Router

    checksum:
    driver = domainlist
    transport = dcc
    route_list = *
    condition = ${if eq {$received_protocol}{dcc}{no}{yes}}

    Now imagine that when writing this, on the last line you make a typo in {dcc}

    That is how you get such results :)



  • The only mail server I've ever configured was SIMS. The above doesn't tell me a lot. I don't imagine there's seriously a lot wrong with their server, but it's a funny mistake. I wonder why it ever stopped ... perhaps after 20,000 lines it was worn out?



  • @Daniel Beardsmore said:

    I wonder why it ever stopped ...

    that's why:

    Tue 2008-01-15 14:32:22: [806:12] <-- 552 5.6.0 Headers too large (32768 max)


  • The fog clears. That transaction wasn't the whole process, that was the transaction of a single iteration, the one where the camel's back broke. Thing is, I don't know where the 32768 figure comes into play. The whole mail file only has 25288 lines and they're not all headers: some are the message and some are headers split onto three lines.

    And for good measure (and I forgot to note this initially) the file has another 5264 blank lines following the message, included in that 25288 count.



  • @Daniel Beardsmore said:

    Thing is, I don't know where the 32768 figure comes into play.

    Number of bytes in the headers, not the number of newline characters. 



  • There are ~1 MB of headers, so the endless looping didn't stop when it reached the 32 kB figure.



  • Reminds me of when I was on co-op at a tech office for one of the colleges at my university.  They were getting a new web based Ticket Tracker set up, one that sent emails any time important action happened on a support ticket and was much more powerful than the old web based tracker.

    Anyway, one day Chris managed to somehow get the ticket entry page to create a ticket that lacked an email address to send the information to.  He shouts over to Grant--the guy coding the tracker--"He Grant!  What happens if the mailserver gets a message without a 'to' email address?"

    Sadly, Grant didn't know, but did a flush of the server and fixed the tracker so it'd throw an error if there wasn't a valid email address.



  • @Daniel Beardsmore said:

    There are ~1 MB of headers, so the endless looping didn't stop when it reached the 32 kB figure.

    Well, that message is supposed to be the number of bytes, so we can conclude that the mail server is buggy in addition to being misconfigured.


Log in to reply