Milter-greylist

Rini van Zetten <Rini@...> wrote:

> I use milter-greylist version 2.0.2.
> 
> Is there a solution ?
> Is the 3.0 rc stable enough to use ?

I use 3.0rc in production. Can you give it a try?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

--- In milter-greylist@yahoogroups.com, manu@... wrote:
>
> Rini van Zetten <Rini@...> wrote:
> 
> > I use milter-greylist version 2.0.2.
> > 
> > Is there a solution ?
> > Is the 3.0 rc stable enough to use ?
> 
> I use 3.0rc in production. Can you give it a try?
> 

Ok I will try, thanks for answering.

Rini

> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
>

--- In milter-greylist@yahoogroups.com, "rdrvzet" <Rini@...> wrote:
>
> --- In milter-greylist@yahoogroups.com, manu@ wrote:
> >
> > Rini van Zetten <Rini@> wrote:
> > 
> > > I use milter-greylist version 2.0.2.
> > > 
> > > Is there a solution ?
> > > Is the 3.0 rc stable enough to use ?
> > 
> > I use 3.0rc in production. Can you give it a try?
> > 
> 
> Ok I will try, thanks for answering.
> 
> Rini
> 
> > -- 
> > Emmanuel Dreyfus
> > http://hcpnet.free.fr/pubz
> > manu@
> >
>

With 3.0rc5 I had the same problem today with a semicolon.
By the way: we use 3.0rc5 on two mailservers, with half a million
greylisted entries each day, no more trouble since upgrading from 2.02.

Hans

At Thu, 26 Oct 2006 16:07:25 -0000,
hwdahm wrote:
> 
> --- In milter-greylist@yahoogroups.com, "rdrvzet" <Rini@...> wrote:
> >
> > --- In milter-greylist@yahoogroups.com, manu@ wrote:
> > >
> > > Rini van Zetten <Rini@> wrote:
> > > 
> > > > I use milter-greylist version 2.0.2.
> > > > 
> > > > Is there a solution ?
> > > > Is the 3.0 rc stable enough to use ?
> > > 
> > > I use 3.0rc in production. Can you give it a try?
> > > 
> > 
> > Ok I will try, thanks for answering.
> > 
> > Rini
> > 
> > > -- 
> > > Emmanuel Dreyfus
> > > http://hcpnet.free.fr/pubz
> > > manu@
> > >
> >
> 
> With 3.0rc5 I had the same problem today with a semicolon.
> By the way: we use 3.0rc5 on two mailservers, with half a million
> greylisted entries each day, no more trouble since upgrading from 2.02.
> 

This bug should be considered as a DoS vulnerability. We must validate
email addresses and strip unnecessary parts.

http://www.j10n.org/files/milter-greylist-3.0rc6-dosfix.patch

If we reject rare addresses like <(comment) "Quoted" @[1.2.3.4]>, it
can be fixed in simpler manner.

AIDA Shinra <shinra@...> wrote:

> http://www.j10n.org/files/milter-greylist-3.0rc6-dosfix.patch
-email          {mailbox}"\@"{domainname}
+domainliteral  "["([0-9.]+|IPv6:[0-9.:]+)"]"
+email          {mailbox}"\@"({domainname}|{domainliteral})

That's a big change. I used the email definition from RFC822. There is
no way to fix that without changing the email definition?
 
> If we reject rare addresses like <(comment) "Quoted" @[1.2.3.4]>, it
> can be fixed in simpler manner.

Is <(comment) "Quoted" @[1.2.3.4]> a valid address? 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi,

>>>>> On Sun, 29 Oct 2006 02:53:37 +0900
>>>>> AIDA Shinra <shinra@...> said:

shinra> +domainliteral	"["([0-9.]+|IPv6:[0-9.:]+)"]"
shinra> +email		{mailbox}"\@"({domainname}|{domainliteral}) 

The string form of IPv6 address is hexadecimal.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

At Sat, 28 Oct 2006 22:18:22 +0200,
manu@... wrote:
> 
> AIDA Shinra <shinra@...> wrote:
> 
> > http://www.j10n.org/files/milter-greylist-3.0rc6-dosfix.patch
> -email          {mailbox}"\@"{domainname}
> +domainliteral  "["([0-9.]+|IPv6:[0-9.:]+)"]"
> +email          {mailbox}"\@"({domainname}|{domainliteral})
> 
> That's a big change. I used the email definition from RFC822. There is
> no way to fix that without changing the email definition?

A possible workaround is to replace '[', ']' and ':' into '_'.

> > If we reject rare addresses like <(comment) "Quoted" @[1.2.3.4]>, it
> > can be fixed in simpler manner.
> 
> Is <(comment) "Quoted" @[1.2.3.4]> a valid address? 

Valid but RFC2822 reads:

  then the dot-atom form SHOULD be used and the
  quoted-string form SHOULD NOT be used. Comments and folding white
  space SHOULD NOT be used around the "@" in the addr-spec.

Therefore, we may assume that when a client includes comment or
quoted-string in MAIL FROM: or RCPT TO: the client will be a spammer.
In contrast, I can't find such a claim against domain-literal either
RFC2821 or RFC2822.

AIDA Shinra <shinra@...> wrote:

> A possible workaround is to replace '[', ']' and ':' into '_'.

That looks less invasive, and we alreay do that for spaces. Do you see
any drawback?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

At Sun, 29 Oct 2006 06:50:41 +0100,
manu@... wrote:
> 
> AIDA Shinra <shinra@...> wrote:
> 
> > A possible workaround is to replace '[', ']' and ':' into '_'.
> 
> That looks less invasive, and we alreay do that for spaces. Do you see
> any drawback?

Such a hack makes things more complicated and less intuitive. It is
important that validation/canonization code is the most invasive part
and cannot be removed. Even if we rejected quoted-string and comment,
and replaced '[', ']' and '_' into '_', canonize_mail_address() would
be still long and complicated. That is why I implemented full RFC2822.

You may worry about compatibility with existing versions. My answer is
simple: we must get rid of all existing versions. They are vulnerable.
They dumbly records given mail addresses and fails to parse
greylist.db. All efforts to keep compatibilitiy cannot change things
better. We only need to make sure that the new milter-greylist can
load existing greylist.db.

AIDA Shinra <shinra@...> wrote:

> You may worry about compatibility with existing versions. My answer is
> simple: we must get rid of all existing versions. They are vulnerable.
> They dumbly records given mail addresses and fails to parse
> greylist.db. All efforts to keep compatibilitiy cannot change things
> better. We only need to make sure that the new milter-greylist can
> load existing greylist.db.

When I wrote it initially, my idea was that I didn't care about
unparsable addresses that could get into the database, because I could
just ignore them when reloading. 

So in my opinion, the problem is just that we bug on reloading bogus
addresses from the database, where we should just ignore them and skip
the line.

Do you see any problem with that approach?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

At Sun, 29 Oct 2006 16:30:54 +0100,
manu@... wrote:
> 
> AIDA Shinra <shinra@...> wrote:
> 
> > You may worry about compatibility with existing versions. My answer is
> > simple: we must get rid of all existing versions. They are vulnerable.
> > They dumbly records given mail addresses and fails to parse
> > greylist.db. All efforts to keep compatibilitiy cannot change things
> > better. We only need to make sure that the new milter-greylist can
> > load existing greylist.db.
> 
> When I wrote it initially, my idea was that I didn't care about
> unparsable addresses that could get into the database, because I could
> just ignore them when reloading. 
> 
> So in my opinion, the problem is just that we bug on reloading bogus
> addresses from the database, where we should just ignore them and skip
> the line.
> 
> Do you see any problem with that approach?

Sounds reasonable. In this approach we only need to take care about
lex/yacc caveats and non-ASCII characters breaking ctype(3).

> > > You may worry about compatibility with existing versions. My answer is
> > > simple: we must get rid of all existing versions. They are vulnerable.
> > > They dumbly records given mail addresses and fails to parse
> > > greylist.db. All efforts to keep compatibilitiy cannot change things
> > > better. We only need to make sure that the new milter-greylist can
> > > load existing greylist.db.
> > 
> > When I wrote it initially, my idea was that I didn't care about
> > unparsable addresses that could get into the database, because I could
> > just ignore them when reloading. 
> > 
> > So in my opinion, the problem is just that we bug on reloading bogus
> > addresses from the database, where we should just ignore them and skip
> > the line.
> > 
> > Do you see any problem with that approach?
> 
> Sounds reasonable. In this approach we only need to take care about
> lex/yacc caveats and non-ASCII characters breaking ctype(3).

Is this patch sufficient? I'm new to lex/yacc...

http://www.j10n.org/files/milter-greylist-3.0rc6-dosfix2.patch