
Postfix : RFC2821



Hi,

I've found a bug in postfix-2.1.5-5 when using it w/ IPv6 and the "smtpd_sender_restrictions = reject_invalid_hostname" restriction. Postfix doesn't respect RFC2821 in EHLO formatting (chpt 4.3.1).

Indeed, RFC2821 says that the mail client has to format its EHLO request with the "[IPv6:" prefix and the "]" suffix (around its IPv6 address, if it contacts the MTA through IPv6). In previous versions (IPv6 patched), postfix only accepted the "[" prefix and the "]" suffix. In the current one, it also replaces every ":" with a "?", which makes any proper (or not) IPv6 EHLO request impossible.

I've developed a patch which resolves the prefix problem and the "?" one... I don't know if this has been done the way postfix has to (following RFC2821), but it works. You should be able to find it attached to this mail.

Notice that it is already possible to send a bogus EHLO request (like "EHLO [::1]", instead of "EHLO [IPv6:::1]")... it may need more investigation.

greetings,

--
Baptiste SIMON
   aka BeTa
GNU/Linux, Unix, IPv6 systems administrator | http://www.e-glop.net/
Development, system design | CNAM - CEANTE - http://ceante.cnam.fr/
#! /bin/sh /usr/share/dpatch/dpatch-run
## 70rfc2821.dpatch by Baptiste SIMON <beta@e-glop.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Making postfix RFC2821 compliant

@DPATCH@
diff -Nru postfix-2.1.5/src/util/valid_hostname.c postfix-2.1.5-6/src/util/valid_hostname.c
--- postfix-2.1.5-5/src/util/valid_hostname.c	2005-01-24 19:09:08.177581992 +0100
+++ postfix-2.1.5-6/src/util/valid_hostname.c	2005-01-24 19:07:18.992180696 +0100
@@ -166,6 +166,7 @@
 {
     const char *cp;
     char   *myname = "valid_hostaddr";
+    char   *addr_ipv6 = NULL;
     int     in_byte = 0;
     int     byte_count = 0;
     int     byte_val = 0;
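Review bot: the new `addr_ipv6` is declared as plain `char *` although the cursor `cp` right above it is `const char *`. The pointer is only read through (by `strspn` and the warning in the later hunk), so declare it `const char *` so it cannot be used to write into the caller's string. The `= NULL` initializer is also unnecessary, since the only use assigns it first.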
@@ -175,6 +176,7 @@
 #endif
 
 #define BYTES_NEEDED	4
+#define IPV6_RFC2821	5
 
     /*
      * Trivial cases first.
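Review bot: the bare 5 in `#define IPV6_RFC2821 5` is the length of the "IPv6:" tag, but neither the name nor a comment says so, and the tag string itself appears nowhere in the patch. Define the tag as a string constant and derive the length from it with `sizeof(...) - 1`, so the later comparison and the pointer advance cannot drift apart.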
@@ -200,10 +202,12 @@
      * Preliminary IPV6 support.
      */
     if (strchr(addr, ':')) {
-	if (*(cp = addr + strspn(addr, INET6_ADDR_PRES_CHARS)) != 0) {
+	if (strlen(addr) > 5) return (3);
+	addr_ipv6  = addr + IPV6_RFC2821;
+	if (*(cp = addr_ipv6 + strspn(addr_ipv6, INET6_ADDR_PRES_CHARS)) != 0) {
 	    if (gripe)
 		msg_warn("%s: invalid character %d(decimal): %.100s",
-			 myname, *cp, addr);
+			 myname, *cp, addr_ipv6);
 	    return (0);
 	}
 	return (1);
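Review bot: the added `if (strlen(addr) > 5) return (3);` looks inverted and returns before anything is checked. Every colon-containing string longer than five characters, "IPv6:::1" included, leaves here with 3, a value the other paths (0 and 1) do not use. Only strings of five characters or fewer reach `addr + IPV6_RFC2821`, which then points at the terminator or past the end of the string. The first five bytes are also never compared against "IPv6:"; they are skipped whatever they contain. Suggest returning 0 unless the string starts with the tag and has at least one character after it, then running the existing `strspn` check on the remainder.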

--- postfix-2.1.5-5/src/smtpd/smtpd.c	2005-01-26 17:43:31.657015872 +0100
+++ postfix-2.1.5-6/src/smtpd/smtpd.c	2005-01-26 15:25:33.000000000 +0100
@@ -834,7 +834,7 @@
  /*
   * This filter is applied after printable().
   */
-#define NEUTER_CHARACTERS " <>()\\\";:@"
+#define NEUTER_CHARACTERS " <>()\\\";@"
 
 #ifdef USE_SASL_AUTH
 
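Review bot: dropping ":" from `NEUTER_CHARACTERS` changes the filter for every string it is applied to, not only for the EHLO argument that motivated the change. The patch shows no call sites, so please list where this filter runs and confirm that a literal ":" is harmless in each of those outputs, or exempt only a bracketed address literal instead of changing the global set.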
--- Begin Message ---
Hi Jones,

I have probably found a bug w/ postfix and IPv6 (I'm running postfix...
when a client tries to send a mail through IPv6, it has (if it chooses to
send an IP address in the EHLO command) to add the "IPv6:" prefix to its
IPv6 address, but postfix rejects this.

Here are some references :
[ https://bugzilla.mozilla.org/show_bug.cgi?id=279109 ]
[ http://lists.debian.org/debian-ipv6/2004/07/msg00029.html ]
[ http://www.faqs.org/rfcs/rfc2821.html ] (chpt 4.3.1)

The RFC says (at the given chapter) :
   Sometimes a host is not known to the domain name system and
   communication (and, in particular, communication to report and repair
   the error) is blocked.  To bypass this barrier a special literal form
   of the address is allowed as an alternative to a domain name.  For
   IPv4 addresses, this form uses four small decimal integers separated
   by dots and enclosed by brackets such as [123.255.37.2], which
   indicates an (IPv4) Internet Address in sequence-of-octets form.  For
   IPv6 and other forms of addressing that might eventually be
   standardized, the form consists of a standardized "tag" that
   identifies the address syntax, a colon, and the address itself, in a
   format specified as part of the IPv6 standards [17].

   Specifically:

      IPv4-address-literal = Snum 3("." Snum)
      IPv6-address-literal = "IPv6:" IPv6-addr

...

If I use postfix-2.0.18-1.0.ipv6.r1, it simply rejects my EHLO command [1], and if I use postfix-2.1.5-4, it also rejects my EHLO command, but with strange "???" instead of ":::" [2].

[1] 501 <[IPv6:::1]>: Helo command rejected: invalid ip address
[2] 501 <[IPv6???1]>: Helo command rejected: invalid ip address

Notice that I've not found any address to mail the postfix team directly
(it is clearly indicated that postfix-devel@ is not there for that kind
of stuff), that's why I'm contacting you.

I hope it would help (everyone)... :c)

--
Baptiste SIMON
   aka BeTa
GNU/Linux, Unix, IPv6 systems administrator | http://www.e-glop.net/
Development, system design | CNAM - CEANTE - http://ceante.cnam.fr/




--- End Message ---
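The address-literal syntax quoted from RFC 2821 section 4.3.1 in the message above can be checked as in the following stand-alone example, which is added here and is neither the attached patch nor Postfix code. The function name `helo_literal_family` is hypothetical, and the sample inputs are constructed from the strings mentioned in the thread.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

#define IPV6_TAG     "IPv6:"
#define IPV6_TAG_LEN (sizeof(IPV6_TAG) - 1)

/*
 * Classify an EHLO argument written as an address literal: AF_INET for
 * "[a.b.c.d]", AF_INET6 for "[IPv6:<addr>]", 0 for anything else,
 * including the untagged "[::1]". Hypothetical helper, not a Postfix API.
 */
int helo_literal_family(const char *arg)
{
    char buf[INET6_ADDRSTRLEN];
    unsigned char bin[16];              /* large enough for an IPv6 address */
    size_t len = strlen(arg);
    const char *body = arg + 1;
    int family = AF_INET;
    /* The literal must be enclosed in brackets and must not be empty. */
    if (len < 3 || arg[0] != '[' || arg[len - 1] != ']')
        return 0;
    len -= 2;
    /* Compare the tag itself (ABNF string literals are case-insensitive)
     * rather than skipping a fixed number of bytes. */
    if (len > IPV6_TAG_LEN && strncasecmp(body, IPV6_TAG, IPV6_TAG_LEN) == 0) {
        family = AF_INET6;
        body += IPV6_TAG_LEN;
        len -= IPV6_TAG_LEN;
    }
    if (len >= sizeof(buf))
        return 0;
    memcpy(buf, body, len);
    buf[len] = '\0';
    /* inet_pton() checks the address; an untagged colon form fails as AF_INET. */
    return inet_pton(family, buf, bin) == 1 ? family : 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "[IPv6:::1]", "[::1]", "[123.255.37.2]", "[IPv6???1]" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s -> %d\n", samples[i], helo_literal_family(samples[i]));
    return 0;
}
```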
