Ilja Booij wrote:
Ilja Booij wrote:
Douglas Stanley wrote:
Ok I finally got some relavent log messages. It looks like something
crazy is happening in forward.c when it looks up an external forward
address, somehow the sender's address gets a little garbled and gets
some random text added to the end of the string (malloc kind of
error?).
Anyways, here's the relevant portion of the log...
<snip part of log>
<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>, Hits: -4.9
Aug 20 09:35:50 mx postfix/qmgr[1792]: A90E211E569:
from=<[EMAIL PROTECTED]>, size=3804, nrcpt=2 (queue active)
So, this is a message from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
which gets forward to <[EMAIL PROTECTED]>. Correct me if
I'm wrong.
Aug 20 09:35:50 mx amavis[14939]: (14939-13) TIMING [total 2118 ms] -
SMTP EHLO: 1 (0%), SMTP pre-MAIL: 0 (0%), SMTP pre-DATA-flush: 3
(0%), SMTP DATA: 38 (2%), body hash: 0 (0%), lookup_sql: 3 (0%),
lookup_sql: 2 (0%), mime_decode: 16 (1%), get-file-type: 16 (1%),
get-file-type: 10 (0%), decompose_part: 3 (0%), decompose_part: 0
(0%), parts: 0 (0%), AV-scan-1: 6 (0%), lookup_sql: 2 (0%),
lookup_sql: 2 (0%), SA msg read: 2 (0%), SA parse: 1 (0%), SA check:
1875 (89%), fwd-connect: 9 (0%), fwd-mail-from: 1 (0%), fwd-rcpt-to:
3 (0%), write-header: 2 (0%), fwd-data: 0 (0%), fwd-data-end: 114
(5%), fwd-rundown: 1 (0%), unlink-2-files: 5 (0%), rundown: 0 (0%)
Aug 20 09:35:50 mx dbmail/lmtpd[1585]: misc.c, find_bounded: Found
[EMAIL PROTECTED] of length [16] between '<' and '>' so next skip [22]
Aug 20 09:35:50 mx dbmail/lmtpd[1585]: misc.c, find_bounded: Found
[EMAIL PROTECTED] of length [16] between '<' and '>' so next skip [20]
Aug 20 09:35:50 mx dbmail/lmtpd[1585]: misc.c, find_bounded: Found
[EMAIL PROTECTED] of length [17] between '<' and '>' so next skip
[21]
Aug 20 09:35:50 mx dbmail/lmtpd[1585]: sort.c, sort_and_deliver:
message id=189542, size=3705 is inserted
Aug 20 09:35:50 mx dbmail/lmtpd[1585]: forward.c,forward: delivering
to [1] external addresses
Aug 20 09:35:50 mx dbmail/lmtpd[1585]: forward.c,forward: opening
pipe to command /usr/sbin/sendmail -f [EMAIL PROTECTED]
[EMAIL PROTECTED]
What seems to go wrong, is that the string [EMAIL PROTECTED] is not
ended with a '\0'.
I'll have to take a good look at this, I agree that it's a critical bug.
It's really strange.. from the above output it seems [EMAIL PROTECTED]
is parsed alright. But later on it obviously is in a different state..
by the way, the problem is probably not in the other address
([EMAIL PROTECTED]), because the output
command is:
snprintf(command, command_len, "%s -f %s %s", sendmail, from, (char*)
target->data);
notice the space between the second and third %s. In the log above,
there is no space.
FOUND IT!
in line 639 of lmtp.c:
list_nodeadd(&fromlist, envelopefrom, strlen(envelopefrom);
This forgets to add the final '\0' character in envelopefrom. A simpel
strlen(envelopefrom) + 1 solves the problem.
Why the bug wasn't found earlier I don't know. This code hasn't changed
in the last versions.
Anyway, thanks for the report, I'll update CVS now.
Ilja
--
Ilja Booij
IC&S B.V.
Stadhouderslaan 57
3583 JD Utrecht
www.ic-s.nl
T algemeen: 030 6355730
T direct: 030 6355739
F: 030 6355731
E: [EMAIL PROTECTED]
