Postfix : RFC2821
Hi,
I've found a bug in postfix-2.1.5-5 when using it w/ IPv6 and the
"smtpd_sender_restrictions = reject_invalid_hostname" restriction.
Postfix doesn't respect RFC2821 in EHLO formatting (chpt 4.3.1).
Indeed, RFC2821 says that the mail client has to format its EHLO request
with the prefix "[IPv6:" and the "]" suffix (around its IPv6 address, if
he contact the MTA through IPv6). In previous versions (IPv6 patched),
postfix was only accepting the "[" prefix and the "]" suffix. In the
current one, it also replace every ":" by a "?" which makes impossible
any proper (or not) IPv6 EHLO request.
I've developped a patch which resolves the prefix problem and the "?"
one... I don't know if this has been made the way postfix has to
(following RFC2821), but it works. you'd be able to find it attached to
this mail.
Notice that this is already possible to send a bogus EHLO request (like
"EHLO [::1]", instead of "EHLO [IPv6:::1]")... it may need more
investigations.
greetings,
--
Baptiste SIMON
aka BeTa
Administrateur systemes GNU/Linux, Unix, IPv6 | http://www.e-glop.net/
Developpement, design systeme | CNAM - CEANTE - http://ceante.cnam.fr/
#! /bin/sh /usr/share/dpatch/dpatch-run
## 70rfc2821.dpatch by Baptiste SIMON <beta@e-glop.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Making postfix RFC2821 compliant
@DPATCH@
diff -Nru postfix-2.1.5/src/util/valid_hostname.c postfix-2.1.5-6/src/util/valid_hostname.c
--- postfix-2.1.5-5/src/util/valid_hostname.c 2005-01-24 19:09:08.177581992 +0100
+++ postfix-2.1.5-6/src/util/valid_hostname.c 2005-01-24 19:07:18.992180696 +0100
@@ -166,6 +166,7 @@
{
const char *cp;
char *myname = "valid_hostaddr";
+ char *addr_ipv6 = NULL;
int in_byte = 0;
int byte_count = 0;
int byte_val = 0;
@@ -175,6 +176,7 @@
#endif
#define BYTES_NEEDED 4
+#define IPV6_RFC2821 5
/*
* Trivial cases first.
@@ -200,10 +202,12 @@
* Preliminary IPV6 support.
*/
if (strchr(addr, ':')) {
- if (*(cp = addr + strspn(addr, INET6_ADDR_PRES_CHARS)) != 0) {
+ if (strlen(addr) > 5) return (3);
+ addr_ipv6 = addr + IPV6_RFC2821;
+ if (*(cp = addr_ipv6 + strspn(addr_ipv6, INET6_ADDR_PRES_CHARS)) != 0) {
if (gripe)
msg_warn("%s: invalid character %d(decimal): %.100s",
- myname, *cp, addr);
+ myname, *cp, addr_ipv6);
return (0);
}
return (1);
--- postfix-2.1.5-5/src/smtpd/smtpd.c 2005-01-26 17:43:31.657015872 +0100
+++ postfix-2.1.5-6/src/smtpd/smtpd.c 2005-01-26 15:25:33.000000000 +0100
@@ -834,7 +834,7 @@
/*
* This filter is applied after printable().
*/
-#define NEUTER_CHARACTERS " <>()\\\";:@"
+#define NEUTER_CHARACTERS " <>()\\\";@"
#ifdef USE_SASL_AUTH
--- Begin Message ---
Hi Jones,
I have probably found a bug w/ postfix and IPv6 (I'm running postfix...
when a client try to send a mail through IPv6, he has (if he choices to
send an IP address in the EHLO command) to add the "IPv6:" prefix to its
IPv6 address, but postfix rejects this.
Here are some references :
[ https://bugzilla.mozilla.org/show_bug.cgi?id=279109 ]
[ http://lists.debian.org/debian-ipv6/2004/07/msg00029.html ]
[ http://www.faqs.org/rfcs/rfc2821.html ] (chpt 4.3.1)
The RFC says (at the given chapter) :
Sometimes a host is not known to the domain name system and
communication (and, in particular, communication to report and repair
the error) is blocked. To bypass this barrier a special literal form
of the address is allowed as an alternative to a domain name. For
IPv4 addresses, this form uses four small decimal integers separated
by dots and enclosed by brackets such as [123.255.37.2], which
indicates an (IPv4) Internet Address in sequence-of-octets form. For
IPv6 and other forms of addressing that might eventually be
standardized, the form consists of a standardized "tag" that
identifies the address syntax, a colon, and the address itself, in a
format specified as part of the IPv6 standards [17].
Specifically:
IPv4-address-literal = Snum 3("." Snum)
IPv6-address-literal = "IPv6:" IPv6-addr
...
If I use postfix-2.0.18-1.0.ipv6.r1, it simply reject my EHLO command
[1], and if I use postfix-2.1.5-4, it also reject my EHLO command, but
with strange "???" instead of ":::" [2].
[1] 501 <[IPv6:::1]>: Helo command rejected: invalid ip address
[2] 501 <[IPv6???1]>: Helo command rejected: invalid ip address
notice that I've not found any address to mail the postfix team directly
(this is clearly indicated that postfix-devel@ is not here for that kind
of stuff), that's why I'm contacting you.
I hope it would help (everyone)... :c)
--
Baptiste SIMON
aka BeTa
Administrateur systèmes GNU/Linux, Unix, IPv6 | http://www.e-glop.net/
Développement, design système | CNAM - CEANTE - http://ceante.cnam.fr/
--- End Message ---
Reply to: