segmentation fault in dccproc (1.3.24)

Vernon Schryver vjs@calcite.rhyolite.com
Sun Dec 11 04:41:17 UTC 2005


> From: "John R Levine" 

> > So which MTA does not do that?  Guessing from your headers, is it
> > qmail?  If so, why am I not surprised?
>
> As you surmise, qmail adds a Return-Path: at the top of the message but
> doesn't mess with it otherwise at delivery time.  The RFC says that
> stripping an old one is a MAY, and this behavior is consistent with
> qmail's policy of not making gratuitous changes to mail in transit.
>
> Assuming software that looks for Return-Path: stops after it sees the
> first one, it shouldn't matter whether a message has one header or a
> hundred. 

As you can see by reading the code or a quick test, dccproc pays attention
to only the first Return-Path.  Besides, there is only one Return-Path
header in the message that triggered the dccproc crash.  See
http://www.rhyolite.com/pipermail/dcc/2005/002940.html

An alternate theory is that qmail generated the bogus Return-Path based
on a bogus value in the Mail_From value from the spammer.  That's
consistent with the X-Env-Sender header, whether qmail, the spammer,
or something else added that header.  Do you consider that acceptable
behavior from an MTA in this century?  One might say that would allow
the de facto standard filtering for reasonable envelope values to be
done outside the main MTA, but I'd ask whether that is actually possible.
Does qmail allow external code to detect bogus Mail_From values and
reject the SMTP transaction or must filtering either bounce non-delivery
reports or backhole innocent hits?  Oh, well, bogus Mail_From values are
less likely to contribute to spam backscatter.


>           Any software that crashes merely because a message has a
> malformed header, well, sheesh.

Sheesh indeed.  I stipulated that the dccproc behavior is unacceptable
and have already fixed it.

Qmail's history differs.  Will qmail ever be fixed to consistently add
message-ID headers?  Yes, I know that Message-IDs are only "SHOULDs."
The design school that produced qmail has a long history of violating
SHOULDs and MAYs that everyone else treats as MUSTs, and not only in
SMTP.  Yes, I recall that I've been told that qmail only fails to add
message-IDs to passing mail and adds them to message qmail generates.
Perhaps because I'm not a member of the right church, those assurances
have not made me disbelieve the contrary evidence in my logs.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.