We recently noticed a message in our postfix queue that thought it was
addressed to " foo.com". After examining it, it turned out that Qpsmtpd
accepted a MAIL FROM command formatted like so:

    MAIL FROM:<u...@d.com,foo.com>

When it passed it to postfix, it transmogrified it first into the
sender 'u...@domain.com, something.com' and then into the sender
'u...@domain.com' and the recipient ' something.com'. That's a bit
silly, but it seems that QP never should have accepted the message in
the first place. I tested using vanilla git Qpsmtpd::Address as follows:

    perl -MQpsmtpd::Address -le \
    "print Qpsmtpd::Address->new('<u...@d.com,foo.com>')"
    <u...@d.com,foo.com>

Taking a look at Qpsmtpd::Address, I noticed some comments and code that
seemed to be looking for similar syntax:
line
    # A-d-l = At-domain *( "," A-d-l )
    # ; Note that this form, the so-called "source route",
    # ; MUST BE accepted, SHOULD NOT be generated, and SHOULD be
    # ; ignored.
    ...
    # strip source route
    $path =~ s/^...@$domain(?:,\...@$domain)*://;
It looks to me like it's trying to find syntax like:

    MAIL FROM:<u...@d.com,@foo.com>

and make it equivalent to just MAIL FROM:<u...@d.com>
That doesn't seem to be what it actually does, though:

    perl -MQpsmtpd::Address -le \
    "print Qpsmtpd::Address->new('<u...@d.com,@foo.com>')"
    <"u...@d.com\,"@foo.com>

Does anyone have a good enough grasp on rfc2821 and
Qpsmtpd::Address::canonify() to know just what canonify() is actually
supposed to be doing with "source routes" and why it's managing to allow
this obviously invalid syntax through instead?
-Jared
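
A strict reading of the RFC 2821 Path grammar quoted in the message above, as an added example that is not part of the original post and is not Qpsmtpd's code: the source route is accepted only as an "@domain,@domain:" prefix and then ignored, and a comma anywhere after the mailbox is a syntax error. The helper name parse_reverse_path and the example.com addresses are assumptions made for illustration; quoted-string local parts and address literals are left out to keep it short.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Grammar pieces from RFC 2821 section 4.1.2. The comma is not in atext,
# so it can never appear in an unquoted local part or in a domain.
my $atext      = qr/[A-Za-z0-9!#\$%&'*+\-\/=?^_`{|}~]/;
my $dot_string = qr/$atext+(?:\.$atext+)*/;
my $sub_domain = qr/[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?/;
my $domain     = qr/$sub_domain(?:\.$sub_domain)+/;
my $a_d_l      = qr/\@$domain(?:,\@$domain)*/;   # A-d-l, the source route

# Hypothetical helper (not a Qpsmtpd function). Returns the mailbox with
# any source route dropped, '' for the null sender, or undef to reject.
sub parse_reverse_path {
    my ($arg) = @_;
    return '' if $arg eq '<>';
    # Path = "<" [ A-d-l ":" ] Mailbox ">", anchored at both ends so that
    # nothing may follow the mailbox except the closing bracket.
    if ($arg =~ /\A<(?:${a_d_l}:)?($dot_string\@$domain)>\z/) {
        return $1;
    }
    return undef;
}

# Constructed sample arguments to MAIL FROM: (not taken from real traffic).
my @samples = (
    '<user@example.com>',                                 # plain mailbox
    '<@relay1.example,@relay2.example:user@example.com>', # valid source route
    '<user@example.com,foo.example>',                     # shape from the report
    '<user@example.com,@foo.example>',                    # comma after mailbox
    '<>',                                                 # null sender
);

for my $arg (@samples) {
    my $mailbox = parse_reverse_path($arg);
    printf "%-52s %s\n", $arg,
        defined $mailbox ? "accept as <$mailbox>"
                         : 'reject (501 syntax error)';
}
```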