My server has been receiving a lot of spam lately where the username
portion of the email address in the MAIL FROM command contains a UTF
byte-order mark (BOM).
With my configuration until this point:
1. Postfix does recipient verification with Dovecot LMTP, which doesn't
care about the BOM as the envelope sender isn't being checked at that point.
2. Postfix ends the SMTP session with the client, indicating success.
3. Postfix delivers the message via Dovecot LMTP, at which point Dovecot
rejects it due to the invalid envelope sender, resulting in Postfix
generating a bounce message.
4. The bounce message, being sent with a RCPT TO header which now
contains the BOM, generally fails to send, but can result in backscatter
if the receiving host strips the BOM or uses a catch-all forwarder.
I was able to solve this problem locally by using "check_sender_access"
in "smtpd_sender_restrictions", using a "pcre" lookup table, with a rule
of "/\xEF\xBB\xBF/ REJECT" (if this gets mangled, it's a pattern simply
consisting of the three hexadecimal escapes for the bytes composing the
BOM).
However, it would be nice if there was an easy way to detect and handle
this situation, maybe with something else which could be used in
"smtpd_sender_restrictions".
Example SMTP session script (I piped it to telnet) to simulate this UTF BOM
MAIL FROM behavior:
---
#!/bin/bash
# Pipe this script into "telnet <host> 25" to replay a MAIL FROM whose local
# part contains the UTF-8 byte-order mark (bytes EF BB BF).
# SMTP lines are terminated with CRLF as the protocol requires.
printf 'EHLO my.actual.host.name\r\n'
sleep 1
utf_bom=$(printf '%b' '\xEF\xBB\xBF')
printf 'MAIL FROM: <za'"$utf_bom"'c...@callear.org>\r\n'
#printf 'MAIL FROM: <z...@callear.org>\r\n'   # control case without the BOM
sleep 1
printf 'RCPT TO: <z...@callear.org>\r\n'
sleep 1
printf 'DATA\r\n'
sleep 1
# Header block, the blank separator line, the body, then the lone "." ending DATA.
printf '%s\r\n' \
  'Subject: Test Message' \
  'From: Zach Callear <z...@callear.org>' \
  'To: Zach Callear <z...@callear.org>' \
  '' \
  'This is a test message.' \
  '.'
sleep 1
printf 'QUIT\r\n'
---
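As an added example (not from the original post and not Postfix code), here is the core of a small policy service that rejects an envelope sender containing the BOM, which is another way to act from within smtpd_sender_restrictions via check_policy_service. It assumes the service is registered in master.cf as a spawn service under a placeholder name such as bom-policy, and that the sender attribute reaches the service as the raw bytes Postfix saw on the wire.

```python
"""Postfix policy service rejecting MAIL FROM addresses that contain a UTF-8 BOM.

Added example, not part of the original post. Postfix sends a policy request as
"name=value" lines ended by an empty line and expects "action=..." plus an empty
line back; the exchange is kept as plain functions so it runs without Postfix.
"""
import sys

UTF8_BOM = b"\xef\xbb\xbf"  # U+FEFF as UTF-8: the bytes the pcre rule matches

# Constructed sample request in the shape Postfix sends, BOM inside the local part.
SAMPLE_REQUEST = (b"request=smtpd_access_policy\nprotocol_state=RCPT\n"
                  b"sender=za\xef\xbb\xbfc@example.invalid\n"
                  b"recipient=user@example.invalid\n\n")

def parse_policy_request(raw: bytes) -> dict:
    """Collect name=value attributes, stopping at the empty terminator line."""
    attrs = {}
    for line in raw.split(b"\n"):
        if line == b"":
            break
        name, _, value = line.partition(b"=")
        attrs[name.decode("ascii", "replace")] = value
    return attrs

def decide(attrs: dict) -> str:
    """REJECT on a BOM in the envelope sender, else DUNNO so later restrictions run.
    Assumes the sender attribute arrives as the raw bytes Postfix saw on the wire."""
    if UTF8_BOM in attrs.get("sender", b""):
        return "REJECT 5.1.7 Envelope sender contains a byte-order mark"
    return "DUNNO"

def handle_request(raw: bytes) -> bytes:
    """One complete request/response cycle in the form Postfix expects."""
    return b"action=" + decide(parse_policy_request(raw)).encode() + b"\n\n"

def serve(stream_in=None, stream_out=None) -> None:
    """stdin/stdout loop for a master.cf 'spawn' service; a blank line ends a request."""
    stream_in = stream_in or sys.stdin.buffer
    stream_out = stream_out or sys.stdout.buffer
    buf = b""
    for line in stream_in:
        buf += line
        if line == b"\n":
            stream_out.write(handle_request(buf))
            stream_out.flush()
            buf = b""

if __name__ == "__main__":
    serve()
```

Wire it in with "check_policy_service unix:private/bom-policy" (placeholder service name) in smtpd_sender_restrictions; a rejected session then never reaches Dovecot LMTP, so no bounce is generated.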