[Gross] Space Character in Mail From Crashing Gross

Jeff Chan jff.chan at gmail.com
Thu Apr 24 16:57:33 EEST 2008 

Thanks Jesse. Your collection is great - but from a quick glance, it
doesn't seem to match a double quote occurring only once.

I am currently testing something like this:
  TCP|*|*|*|*|SMTP*|*|*|*"*"*"*|* $N$D30|Bad$ envelop$ from$ address
  TCP|*|*|*|*|SMTP*|*|*|*"*"*|*  $Y
  TCP|*|*|*|*|SMTP*|*|*|*"*|* $N$D30|Bad$ envelop$ from$ address

It's not perfect and can't get all unbalanced double quotes identified
when the number of double quotes occurs more than 3 times. And the
sort of regular expression that MS provides for mappings is quite
brain dead. Can't figure out a way to precisely write a pattern that
check for unbalanced quotes, without resorting to writing a C routine.

Jeff

On Thu, Apr 24, 2008 at 8:57 PM, Jesse Thompson
<jesse.thompson at doit.wisc.edu> wrote:
> Hi Jeff,
>
>  I'll let Eino address the gross crashing issue.  But I have a workaround
> for you.
>
>  This FROM_ACCESS mapping will do the trick.  After seeing a lot of garbage
> in our queues due to 'mail from's with control characters, we did an
> analysis (from our mail logs and searching around for what others are doing)
> on a reasonable policy for valid characters in the local part of the mail
> from.  I know that we should technically be allowing more characters per the
> RFC, but we've been running like this for a while and haven't had any
> complaints.
>
>  Jesse
>
>  (in case you can't tell, the space character is covered by the range ascii
> hex 0x01-0x21 (space is 0x20) which shows up visually as ^A-! note: the ^A
> is what is printed in the terminal, but it's actually ascii hex 0x01.  Let
> me know if you need help typing that in (it's not ^ and A); it's possible to
> do with vim and a bit of googling.)
>
>
>  FROM_ACCESS
>  !
>  ! Require EHLO/HELO
>   *|*|*|*|*|SMTP/|*|*|*|* $N$D900|EHLO/HELO$ argument$ required
>  !
>  ! Prohibit spaces in EHLO/HELO
>   *|*|*|*|*|SMTP/*$ *|*|*|*|* $NSpace$ not$ allowed$ in$ EHLO/HELO
>  !
>  ! Prohibit invalid characters in anywhere in the uid
>  ! ascii hex: 01-21, 24, 25, 28, 29, 2c, 3a, 3b, 3c, 3e, 5b-5e, 60, 7b, 7d
>   *|*|*|*|*|*|*|*|*$[^A-!$%(),;^`\{\}]%*@*|* $Ninvalid$ character$ in$ mail$
> from
>  !
>  ! Prohibit single character questionable characters
>  ! in the local part of the envelope from address
>  ! ascii hex: 23, 26, 27, 2a, 3b, 3f, 2b, 2d, 2e, 5f, 7e
>   *|*|*|*|*|*|*|*|$[#&'*=?+\-._\~]%@*|* $Ninvalid$ character$ in$ mail$ from
>  !
>  ! Prohibit quoted single character questionable characters
>  ! in the local part of the envelope from address
>  ! ascii hex: 23, 26, 27, 2a, 3b, 3f, 2b, 2d, 2e, 5f, 7e
>   *|*|*|*|*|*|*|*|"$[#&'*=?+\-._\~]%"@*|* $Ninvalid$ character$ in$ mail$
> from
>
>
>  Jeff Chan wrote:
>
> >
> >
> >
> > Hi,
> >
> > I started to experiment with Gross few days ago with SJSMS. I observed
> > that Gross crashed regularly, without any error message, and thus left
> > the server out of greylisting protection.
> >
> > I use Gross 1.0rc2 and found it crashses when a spammer sends
> > something like this:
> >
> > MAIL FROM: <spam"mer at dom> SIZE=1000
> >
> > The mail.log shows the MS takes spam"mer at dom> SIZE=1000 as the envelop
> > address, without taking care of the unbalanced double quote. Although
> > I think it's either a MS bug or at least a configuration issue, Gross
> > shouldn't be crashing because of invalid inputs.
> >
> > Anyone encounters this issue? Or just me? And BTW, a little bit off
> > topic, what's your experience dealing with invalid characters using
> > the MS configuration files like mappings?
> >
> > Thanks.
> >
> > Jeff
> > _______________________________________________
> > Gross mailing list
> > Gross at lists.utu.fi
> > https://lists.utu.fi/mailman/listinfo/gross
> >
>
>  --
>   Jesse Thompson
>   Email/IM: jesse.thompson at doit.wisc.edu
>

More information about the Gross mailing list