[Gross] Space Character in Mail From Crashing Gross

Jesse Thompson jesse.thompson at doit.wisc.edu
Thu Apr 24 17:13:59 EEST 2008 

Oh, sorry, I didn't read your message fully, and assumed you were 
talking about spaces, not quotes.

It seems odd the gross would care about unbalanced quotes.  Are you sure 
it's not crashing because of the space?

Jesse


Jeff Chan wrote:
> Thanks Jesse. Your collection is great - but from a quick glance, it
> doesn't seem to match a double quote occurring only once.
> 
> I am currently testing something like this:
>   TCP|*|*|*|*|SMTP*|*|*|*"*"*"*|* $N$D30|Bad$ envelop$ from$ address
>   TCP|*|*|*|*|SMTP*|*|*|*"*"*|*  $Y
>   TCP|*|*|*|*|SMTP*|*|*|*"*|* $N$D30|Bad$ envelop$ from$ address
> 
> It's not perfect and can't get all unbalanced double quotes identified
> when the number of double quotes occurs more than 3 times. And the
> sort of regular expression that MS provides for mappings is quite
> brain dead. Can't figure out a way to precisely write a pattern that
> check for unbalanced quotes, without resorting to writing a C routine.
> 
> Jeff
> 
> On Thu, Apr 24, 2008 at 8:57 PM, Jesse Thompson
> <jesse.thompson at doit.wisc.edu> wrote:
>> Hi Jeff,
>>
>>  I'll let Eino address the gross crashing issue.  But I have a workaround
>> for you.
>>
>>  This FROM_ACCESS mapping will do the trick.  After seeing a lot of garbage
>> in our queues due to 'mail from's with control characters, we did an
>> analysis (from our mail logs and searching around for what others are doing)
>> on a reasonable policy for valid characters in the local part of the mail
>> from.  I know that we should technically be allowing more characters per the
>> RFC, but we've been running like this for a while and haven't had any
>> complaints.
>>
>>  Jesse
>>
>>  (in case you can't tell, the space character is covered by the range ascii
>> hex 0x01-0x21 (space is 0x20) which shows up visually as ^A-! note: the ^A
>> is what is printed in the terminal, but it's actually ascii hex 0x01.  Let
>> me know if you need help typing that in (it's not ^ and A); it's possible to
>> do with vim and a bit of googling.)
>>
>>
>>  FROM_ACCESS
>>  !
>>  ! Require EHLO/HELO
>>   *|*|*|*|*|SMTP/|*|*|*|* $N$D900|EHLO/HELO$ argument$ required
>>  !
>>  ! Prohibit spaces in EHLO/HELO
>>   *|*|*|*|*|SMTP/*$ *|*|*|*|* $NSpace$ not$ allowed$ in$ EHLO/HELO
>>  !
>>  ! Prohibit invalid characters in anywhere in the uid
>>  ! ascii hex: 01-21, 24, 25, 28, 29, 2c, 3a, 3b, 3c, 3e, 5b-5e, 60, 7b, 7d
>>   *|*|*|*|*|*|*|*|*$[^A-!$%(),;^`\{\}]%*@*|* $Ninvalid$ character$ in$ mail$
>> from
>>  !
>>  ! Prohibit single character questionable characters
>>  ! in the local part of the envelope from address
>>  ! ascii hex: 23, 26, 27, 2a, 3b, 3f, 2b, 2d, 2e, 5f, 7e
>>   *|*|*|*|*|*|*|*|$[#&'*=?+\-._\~]%@*|* $Ninvalid$ character$ in$ mail$ from
>>  !
>>  ! Prohibit quoted single character questionable characters
>>  ! in the local part of the envelope from address
>>  ! ascii hex: 23, 26, 27, 2a, 3b, 3f, 2b, 2d, 2e, 5f, 7e
>>   *|*|*|*|*|*|*|*|"$[#&'*=?+\-._\~]%"@*|* $Ninvalid$ character$ in$ mail$
>> from
>>
>>
>>  Jeff Chan wrote:
>>
>>>
>>>
>>> Hi,
>>>
>>> I started to experiment with Gross few days ago with SJSMS. I observed
>>> that Gross crashed regularly, without any error message, and thus left
>>> the server out of greylisting protection.
>>>
>>> I use Gross 1.0rc2 and found it crashses when a spammer sends
>>> something like this:
>>>
>>> MAIL FROM: <spam"mer at dom> SIZE=1000
>>>
>>> The mail.log shows the MS takes spam"mer at dom> SIZE=1000 as the envelop
>>> address, without taking care of the unbalanced double quote. Although
>>> I think it's either a MS bug or at least a configuration issue, Gross
>>> shouldn't be crashing because of invalid inputs.
>>>
>>> Anyone encounters this issue? Or just me? And BTW, a little bit off
>>> topic, what's your experience dealing with invalid characters using
>>> the MS configuration files like mappings?
>>>
>>> Thanks.
>>>
>>> Jeff
>>> _______________________________________________
>>> Gross mailing list
>>> Gross at lists.utu.fi
>>> https://lists.utu.fi/mailman/listinfo/gross
>>>
>>  --
>>   Jesse Thompson
>>   Email/IM: jesse.thompson at doit.wisc.edu
>>

-- 
   Jesse Thompson
   Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.utu.fi/pipermail/gross/attachments/20080424/b7b63b6b/attachment.bin>

More information about the Gross mailing list