[Gross] Space Character in Mail From Crashing Gross

Jesse Thompson jesse.thompson at doit.wisc.edu
Thu Apr 24 15:57:56 EEST 2008


Hi Jeff,

I'll let Eino address the gross crashing issue.  But I have a workaround 
for you.

This FROM_ACCESS mapping will do the trick.  After seeing a lot of 
garbage in our queues due to 'mail from's with control characters, we 
did an analysis (from our mail logs and searching around for what others 
are doing) on a reasonable policy for valid characters in the local part 
of the mail from.  I know that we should technically be allowing more 
characters per the RFC, but we've been running like this for a while and 
haven't had any complaints.

Jesse

(in case you can't tell, the space character is covered by the range 
ascii hex 0x01-0x21 (space is 0x20) which shows up visually as ^A-! 
note: the ^A is what is printed in the terminal, but it's actually ascii 
hex 0x01.  Let me know if you need help typing that in (it's not ^ and 
A); it's possible to do with vim and a bit of googling.)


FROM_ACCESS
!
! Require EHLO/HELO
   *|*|*|*|*|SMTP/|*|*|*|* $N$D900|EHLO/HELO$ argument$ required
!
! Prohibit spaces in EHLO/HELO
   *|*|*|*|*|SMTP/*$ *|*|*|*|* $NSpace$ not$ allowed$ in$ EHLO/HELO
!
! Prohibit invalid characters in anywhere in the uid
! ascii hex: 01-21, 24, 25, 28, 29, 2c, 3a, 3b, 3c, 3e, 5b-5e, 60, 7b, 7d
   *|*|*|*|*|*|*|*|*$[^A-!$%(),;^`\{\}]%*@*|* $Ninvalid$ character$ in$ 
mail$ from
!
! Prohibit single character questionable characters
! in the local part of the envelope from address
! ascii hex: 23, 26, 27, 2a, 3b, 3f, 2b, 2d, 2e, 5f, 7e
   *|*|*|*|*|*|*|*|$[#&'*=?+\-._\~]%@*|* $Ninvalid$ character$ in$ mail$ 
from
!
! Prohibit quoted single character questionable characters
! in the local part of the envelope from address
! ascii hex: 23, 26, 27, 2a, 3b, 3f, 2b, 2d, 2e, 5f, 7e
   *|*|*|*|*|*|*|*|"$[#&'*=?+\-._\~]%"@*|* $Ninvalid$ character$ in$ 
mail$ from


Jeff Chan wrote:
> Hi,
> 
> I started to experiment with Gross few days ago with SJSMS. I observed
> that Gross crashed regularly, without any error message, and thus left
> the server out of greylisting protection.
> 
> I use Gross 1.0rc2 and found it crashses when a spammer sends
> something like this:
> 
> MAIL FROM: <spam"mer at dom> SIZE=1000
> 
> The mail.log shows the MS takes spam"mer at dom> SIZE=1000 as the envelop
> address, without taking care of the unbalanced double quote. Although
> I think it's either a MS bug or at least a configuration issue, Gross
> shouldn't be crashing because of invalid inputs.
> 
> Anyone encounters this issue? Or just me? And BTW, a little bit off
> topic, what's your experience dealing with invalid characters using
> the MS configuration files like mappings?
> 
> Thanks.
> 
> Jeff
> _______________________________________________
> Gross mailing list
> Gross at lists.utu.fi
> https://lists.utu.fi/mailman/listinfo/gross

-- 
   Jesse Thompson
   Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.utu.fi/pipermail/gross/attachments/20080424/4e8ff47b/attachment.bin>


More information about the Gross mailing list