[milters] Archive

Lists Index Date Thread Search

Article: 1362
From: Anthony Howe
Date: 2006-12-09 04:08:14 -0500
Subject: Re: Line lengths & milter-link

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

Quentin Campbell wrote:
> Most of the time it correctly whitelists messages from hosts on our
> internal network but sometimes it fails to. Thus a message with a
> particular URL is whitelisted one day but the next day that URL causes
> the message to be rejected.

Q: What is the complete URL?

> I am desperately casting around for possible explanations for this
> behaviour! The messages in question contain records extracted from web
> proxy logs. The record length can thus exceed 1k. Could the length of
> records in a message cause milter-link to ignore whitelisting entries in
> access.db? 

Assuming the access-db is configured and read correctly; I'm not saying 
it's not the source of the problem, just I'm doing a walk through here.

In filterOpen() the smfAccessHost() will set true the flag 
data->work.skipConnection if the client connection by IP or domain of 
the reverse DNS is found white-listed (OK or RELAY) in the access map. 
The only way override that would be to specify a negative REJECT 
response for a sender, AUTH, or recipient.

Q: Is your white listing specified by IP or domain?

In filterMail(), this flag is carried over to data->work.skipMessage. A 
  A REJECT found by smfAccessMail() or smfAccessAuth() would result in 
an immediate rejection with the message "sender blocked". Similarly for 
smfAccessRcpt() in filterRcpt().

filterBody() and filterEndMessage() at the top of their functions test 	

	if (data->work.skipMessage) {

and by pass the processing if it's true. I think the logic is correct. 
In order perform URI processing we would have had to NOT find the 
necessary access.db entries. So we have to challenge the assumption that 
access-db is not properly configured or a bug lies here.

Q: Refresh my memory as to OS and version of Berkeley DB being used by 
sendmail, makemap, and the milter?

Your 2nd question concerning line record lengths.

Q: Can you provide one or two records that trigger milter-link?

In libsnert, uri.h specifies a 1024 byte hold buffer in which a possible 
URL is built up from input. RFC 2821 specifies that SMTP DATA text line 
lengths must not exceed 1000 bytes including the CRLF (use 
quoted-printable soft-line breaks otherwise), but I doubt that would be 
an issue since its more than likely that the line record will contain 
spaces and and other invalid URL characters, such that the hold buffer 
would be reset several times while reading the input from a line. Now on 
the off chance that you actually have a URL greater than 1024 bytes, 
then mimeGetUri() flushs the hold buffer and starts a new as noted in 
the comments:

	/* If the hold buffer is full, just dump it. The
	 * buffer is larger that any _normal_ URL should
	 * be and its assumed it would fail to parse.

You could try doubling the hold buffer size, but I think this is not the 
cause of your 1st problem with respect to white listing. Whether there 
is a line length bug here I would need samples to test with.

Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561

Lists Index Date Thread Search