Control: clone -1 -2
Control: reassign -2 sendmail
Control: severity -2 normal
Control: retitle -2 sendmail: milter expansion of "$b" macro is unreliable
Control: found -2 8.15.2-14~deb10u1

The underlying bug appears to be in sendmail. But I'm keeping the
spamass-milter bug open since the use of the "$b" macro there makes this
a major problem.

The bug is that sendmail returns sendmail process start time instead of
current time when milters request the "$b" macro ("The current date in
RFC822 format").  This happens often, but not on every milter execution.
Sometimes the correct current time is returned. I do not know the exact
trigger...

The bug is easily reproduced using this simple noop python milter:

import Milter
import time

class DbgMilter(Milter.Base):
  @Milter.noreply
  def envrcpt(self, to, *str):
    print("envrcpt() expanded 'b' to '", self.getsymval("b"), "' at ", time.strftime("%Y-%m-%d %H:%M:%S"))
    return Milter.CONTINUE
    
if __name__ == "__main__":
  Milter.factory = DbgMilter
  Milter.runmilter("dbgmilter", "/tmp/dbgmilter", 600)


configured as


 INPUT_MAIL_FILTER(`dbg', `S=local:/tmp/dbgmilter, F=, T=S:4m;R:30m;E:40m')dnl
 define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host}, {rcpt_addr}, {auth_type}, b, i, j, r, v, Z, _, {greylist}')dnl


Running this milter for a while I get:

bjorn@canardo:~/scripts/bjorn-scripts$ python3 pymilter-dbg.py
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 13:50:56
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:51:02 +0100 ' at  2020-01-20 13:51:02
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 13:52:17
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 13:52:23
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 13:52:28
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:52:51 +0100 ' at  2020-01-20 13:52:52
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:53:05 +0100 ' at  2020-01-20 13:53:06
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:53:25 +0100 ' at  2020-01-20 13:53:28
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:54:48 +0100 ' at  2020-01-20 13:54:48
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:55:36 +0100 ' at  2020-01-20 13:55:36
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:57:07 +0100 ' at  2020-01-20 13:57:07
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:57:12 +0100 ' at  2020-01-20 13:57:12
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 14:00:05 +0100 ' at  2020-01-20 14:00:05
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 14:00:50 +0100 ' at  2020-01-20 14:00:50
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:01:22
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 14:02:02 +0100 ' at  2020-01-20 14:02:02
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 14:03:14 +0100 ' at  2020-01-20 14:03:17
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 14:06:48 +0100 ' at  2020-01-20 14:06:49
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:00
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:11
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:22
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:30
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:41
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:43
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:54
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:07:55
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:08:03
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 14:13:24 +0100 ' at  2020-01-20 14:13:25
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:13:36


As you can see, a significant number of requests get "13:22:50" instead
of the actual current time. This is the time sendmail was started:

bjorn@canardo:~$ ls --full-time /proc/$(pidof "sendmail: MTA: accepting connections")/cmdline
-r--r--r-- 1 root root 0 2020-01-20 13:22:50.429438748 +0100 /proc/25911/cmdline


-- Package-specific info:
Output of /usr/share/bug/sendmail/script:

ls -alR /etc/mail:
/etc/mail:
total 464
drwxr-sr-x  10 smmta  smmsp   4096 Jan 20 13:22 .
drwxr-xr-x 212 root   root   24576 Jan 20 06:53 ..
drwxr-xr-x   2 root   smmsp   4096 Jan 13 18:59 CVS
-rwxr-xr--   1 root   smmsp  12980 Jan 20 13:22 Makefile
drwxr-sr-x   2 root   smmsp   4096 Sep  6  2005 OLD
-rw-r--r--   1 root   root    4437 Jan 13 18:59 access
-rw-r-----   1 smmta  smmsp  12288 Jan 13 18:59 access.db
-rw-r--r--   1 root   root     281 Sep 21  2004 address.resolve
-rw-r--r--   1 root   root    1758 Dec  6 11:45 aliases
-rw-r--r--   1 smmta  smmsp  12288 Dec  6 11:45 aliases.db
-rw-r--r--   1 root   smmsp   3735 Jan 20 13:22 databases
-rw-r-----   1 smmta  smmsp     31 Apr 30  2001 default-auth-info
-r--r--r--   1 daemon daemon  5659 Dec  8  2016 helpfile
-rw-r--r--   1 root   root     323 Dec  6 11:45 local-host-names
-rw-r--r--   1 root   root    1706 Sep 16  2003 local_virtusertable
drwxr-sr-x   2 smmta  smmsp   4096 Sep  8 11:10 m4
-rw-r--r--   1 root   smmsp    185 Nov 24  2006 mailertable
-rw-r-----   1 root   smmsp  12288 Sep  8 11:10 mailertable.db
-rw-r--r--   1 smmta  smmsp   5083 Aug 14 12:57 mailman.aliases
-rw-r--r--   1 smmta  smmsp  12288 Dec  6 11:45 mailman.aliases.db
drwxr-xr-x   2 root   root    4096 Sep  8 11:10 peers
-rw-r--r--   1 root   root      72 Apr  7  2003 relay-domains
drwxr-xr-x   3 smmta  smmsp   4096 Feb 11  2009 sasl
-rw-r--r--   1 root   smmsp  63926 Jan 20 13:22 sendmail.cf
-rw-r--r--   1 root   root   63629 Sep  8 11:10 sendmail.cf.old
-rw-r--r--   1 root   root   12219 Sep  8 11:10 sendmail.conf
-rw-r--r--   1 root   smmsp   2732 Jan 20 13:22 sendmail.mc
-rw-r--r--   1 root   root     148 Sep 16  2018 service.switch
-rw-r--r--   1 root   root     179 Sep 16  2018 service.switch-nodns
-rw-r--r--   1 root   smmsp    489 Sep 19 18:16 smarttable
-rw-r-----   1 smmta  smmsp  12288 Sep 19 15:14 smarttable.db
drwxr-sr-x   2 smmta  smmsp   4096 May 19  2008 smrsh
drwxr-sr-x   2 root   smmsp   4096 May  3  2007 spamass.sock
lrwxrwxrwx   1 root   root      15 Feb 13  2008 spamassassin -> ../spamassassin
-rw-r--r--   1 root   smmsp    102 Jul 13  2017 srssecret
-rw-r--r--   1 root   smmsp  42828 Sep  8 11:10 submit.cf
-rw-r--r--   1 root   root   42780 Sep  8 11:10 submit.cf.old
-rw-r--r--   1 root   smmsp    423 Sep  8 11:10 submit.mc
drwxr-xr-x   3 smmta  smmsp   4096 Jul  4  2019 tls
-rw-r--r--   1 root   root      74 Aug 29  2014 trusted-users
-rw-r--r--   1 root   smmsp    262 Dec  6 11:45 virtusertable
-rw-r-----   1 root   smmsp  12288 Dec  6 11:45 virtusertable.db

/etc/mail/CVS:
total 20
drwxr-xr-x  2 root  smmsp 4096 Jan 13 18:59 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
-rw-r--r--  1 root  root   508 Jan 13 18:59 Entries
-rw-r--r--  1 root  smmsp   17 Apr  2  2003 Repository
-rw-r--r--  1 root  smmsp   19 Apr  2  2003 Root

/etc/mail/OLD:
total 12
drwxr-sr-x  2 root  smmsp 4096 Sep  6  2005 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
-rw-r--r--  1 root  root   683 Mar 27  2001 sasl.mc

/etc/mail/m4:
total 24
drwxr-sr-x  2 smmta smmsp 4096 Sep  8 11:10 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
-rw-r--r--  1 root  root   790 Jan 30  2017 clamav-milter.m4
-rw-r-----  1 root  smmsp  795 Sep 14  2007 dialup.m4
-rw-r--r--  1 root  root   107 Jul  3  2016 opendkim.m4
-rw-r-----  1 root  smmsp    0 Oct 23  2002 provider.m4
-rw-r--r--  1 root  smmsp 2463 Jul 25  2004 smarttable.m4

/etc/mail/peers:
total 12
drwxr-xr-x  2 root  root  4096 Sep  8 11:10 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
-rw-r--r--  1 root  root   328 Jul 18  2001 provider

/etc/mail/sasl:
total 24
drwxr-xr-x  3 smmta smmsp 4096 Feb 11  2009 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
drwxr-xr-x  2 root  root  4096 Feb 11  2009 CVS
-rw-r-----  1 smmta smmsp  701 Feb 11  2009 Sendmail.conf.2
-rw-r-----  1 smmta smmsp  610 Mar  4  2003 Sendmail.conf.2.OLD
-rwxr--r--  1 root  root  3653 Sep  8 11:10 sasl.m4

/etc/mail/sasl/CVS:
total 20
drwxr-xr-x 2 root  root  4096 Feb 11  2009 .
drwxr-xr-x 3 smmta smmsp 4096 Feb 11  2009 ..
-rw-r--r-- 1 root  root    50 Feb 11  2009 Entries
-rw-r--r-- 1 root  root    22 Feb 11  2009 Repository
-rw-r--r-- 1 root  root    19 Feb 11  2009 Root

/etc/mail/smrsh:
total 8
drwxr-sr-x  2 smmta smmsp 4096 May 19  2008 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
lrwxrwxrwx  1 root  root    26 Feb 13  2008 mail.local -> /usr/lib/sm.bin/mail.local
lrwxrwxrwx  1 root  root    17 Feb 13  2008 procmail -> /usr/bin/procmail
lrwxrwxrwx  1 root  smmsp   17 May 19  2008 vacation -> /usr/bin/vacation

/etc/mail/spamass.sock:
total 8
drwxr-sr-x  2 root  smmsp 4096 May  3  2007 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..

/etc/mail/tls:
total 24
drwxr-xr-x  3 smmta smmsp 4096 Jul  4  2019 .
drwxr-sr-x 10 smmta smmsp 4096 Jan 20 13:22 ..
drwxr-xr-x  2 root  root  4096 Sep  9 16:37 CVS
-rw-r--r--  1 root  root     7 Mar  4  2003 no_prompt
lrwxrwxrwx  1 root  root    38 Jun 12  2017 sendmail-client.crt -> /etc/ssl/acme/live/canardo.mork.no.crt
lrwxrwxrwx  1 root  root    32 Jun 17  2015 sendmail-common.key -> /etc/ssl/private/canardo-key.pem
lrwxrwxrwx  1 root  root    24 Jun 17  2015 sendmail-common.prm -> /etc/ssl/CA/dhparams.pem
lrwxrwxrwx  1 root  root    42 Oct 20  2017 sendmail-intermediate-ca.crt -> /etc/ssl/acme/certs/canardo.mork.no/ca.cer
lrwxrwxrwx  1 root  root    38 Jun 12  2017 sendmail-server.crt -> /etc/ssl/acme/live/canardo.mork.no.crt
-rwxr-xr-x  1 root  root  3256 Sep  9 16:37 starttls.m4
-rw-r--r--  1 smmta smmsp 2109 Mar  3  2003 starttls.m4.OLD

/etc/mail/tls/CVS:
total 20
drwxr-xr-x 2 root  root  4096 Sep  9 16:37 .
drwxr-xr-x 3 smmta smmsp 4096 Jul  4  2019 ..
-rw-r--r-- 1 root  root    46 Sep  9 16:37 Entries
-rw-r--r-- 1 root  root    21 Jul  4  2019 Repository
-rw-r--r-- 1 root  root    19 Jul  4  2019 Root

sendmail.conf:
DAEMON_NETMODE="Static";
DAEMON_NETIF="eth0";
DAEMON_MODE="Daemon";
DAEMON_PARMS="";
DAEMON_HOSTSTATS="Yes";
DAEMON_MAILSTATS="Yes";
QUEUE_MODE="${DAEMON_MODE}";
QUEUE_INTERVAL="5m";
QUEUE_PARMS="";
MSP_MODE="Cron";
MSP_INTERVAL="5m";
MSP_PARMS="";
MSP_MAILSTATS="Yes";
MISC_PARMS="";
CRON_MAILTO="root";
CRON_PARMS="";
LOG_CMDS="No";
HANDS_OFF="No";
AGE_DATA="";
DAEMON_RUNASUSER="No";
DAEMON_STATS="${DAEMON_MAILSTATS}";
MSP_STATS="${MSP_MAILSTATS}";


sendmail.mc:
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
include(`/etc/mail/tls/starttls.m4')dnl
include(`/etc/mail/sasl/sasl.m4')dnl
VERSIONID(`$Id: sendmail.mc,v 1.58 2019/12/17 09:57:17 bjorn Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')dnl
undefine(`confCF_VERSION')dnl
undefine(`confTLS_SRV_OPTIONS')dnl # enabling client cert vrfy to allow TLS based relaying
FEATURE(`nouucp', `nospecial')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`virtusertable')dnl
FEATURE(`access_db')dnl
FEATURE(`local_procmail')dnl
FEATURE(`delay_checks')dnl
FEATURE(`mailertable')dnl
include(`/etc/mail/m4/smarttable.m4')dnl
INPUT_MAIL_FILTER(`opendkim', `S=local:/run/opendkim/opendkim.sock')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/run/spamass/spamass.sock, F=, T=S:4m;R:30m;E:40m')dnl
INPUT_MAIL_FILTER(`dbg', `S=local:/tmp/dbgmilter, F=, T=S:4m;R:30m;E:40m')dnl
include(`/etc/mail/m4/clamav-milter.m4')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}, {daemon_port}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}, {verify}')dnl
define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host}, {rcpt_addr}, {auth_type}, b, i, j, r, v, Z, _, {greylist}')dnl
define(`confMIN_QUEUE_AGE', `10m')dnl
define(`confLOG_LEVEL', `10')dnl # - attempting to get useful AUTH logging (default is 9)
define(`confMILTER_LOG_LEVEL',`9')dnl # ...without creating unnecessary milter noise
define(`RELAY_MAILER_ARGS',`TCP $h 1025')dnl
define(`LOCAL_MAILER_FLAGS',`SPfhn8')dnl
define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases,`'MAIL_SETTINGS_DIR`'mailman.aliases')dnl
define(`confCACERT', `/etc/mail/tls/sendmail-server.crt')dnl
FEATURE(`no_default_msa')dnl # need this to avoid port collision with the redefined IPv6 MSP-v6 below
DAEMON_OPTIONS(`Family=inet6, Name=MTA, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MSA, Port=submission, M=Ea')dnl
CLIENT_OPTIONS(`Family=inet, Address=148.122.252.1')dnl
CLIENT_OPTIONS(`Family=inet6, Address=2001:4641::1')dnl
MAILER(local)dnl
MAILER(smtp)dnl

submit.mc...
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: submit.mc,v 1.16 2017/10/20 09:57:06 bjorn Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-msp')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`msp', `[IPv6:::1]', `25')dnl
include(`/etc/mail/tls/starttls.m4')dnl
define(`confCACERT', `/etc/mail/tls/sendmail-server.crt')dnl


-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sendmail depends on:
ii  sendmail-base  8.15.2-14~deb10u1
ii  sendmail-bin   8.15.2-14~deb10u1
ii  sendmail-cf    8.15.2-14~deb10u1
ii  sensible-mda   8.15.2-14~deb10u1

sendmail recommends no packages.

Versions of packages sendmail suggests:
ii  rmail         8.15.2-14~deb10u1
pn  sendmail-doc  <none>

Versions of packages sensible-mda depends on:
ii  libc6                                2.28-10
ii  procmail                             3.22-26
ii  sendmail-bin [mail-transport-agent]  8.15.2-14~deb10u1

Versions of packages rmail depends on:
ii  libc6                                2.28-10
ii  libldap-2.4-2                        2.4.47+dfsg-3+deb10u1
ii  sendmail-bin [mail-transport-agent]  8.15.2-14~deb10u1

Versions of packages libmilter1.0.1 depends on:
ii  libc6  2.28-10

Versions of packages sendmail-bin depends on:
ii  debconf        1.5.71
ii  libc6          2.28-10
ii  libdb5.3       5.3.28+dfsg1-0.5
ii  libldap-2.4-2  2.4.47+dfsg-3+deb10u1
ii  liblockfile1   1.14-1.1
ii  libsasl2-2     2.1.27+dfsg-1+deb10u1
ii  libssl1.1      1.1.1d-0+deb10u2
ii  libwrap0       7.6.q-28
ii  lsb-base       10.2019051400
ii  procps         2:3.3.15-2
ii  sendmail-base  8.15.2-14~deb10u1
ii  sendmail-cf    8.15.2-14~deb10u1

Versions of packages sendmail-bin suggests:
ii  libsasl2-modules  2.1.27+dfsg-1+deb10u1
ii  openssl           1.1.1d-0+deb10u2
ii  sasl2-bin         2.1.27+dfsg-1+deb10u1
pn  sendmail-doc      <none>

-- no debconf information
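
Added example, not part of the original report: a small analyser for the debug milter's output that measures how far each "$b" expansion lags the wall clock and reports the frozen value. The sample lines are copied from the output in this report; the 30-second threshold and the assumption that the wall-clock column shares "$b"'s UTC offset are choices made here.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Five lines from the milter output in this report, one entry per line.
SAMPLE = """\
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 13:50:56
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:51:02 +0100 ' at  2020-01-20 13:51:02
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 13:52:17
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:53:25 +0100 ' at  2020-01-20 13:53:28
envrcpt() expanded 'b' to ' Mon, 20 Jan 2020 13:22:50 +0100 ' at  2020-01-20 14:13:36
"""

LINE = re.compile(
    r"expanded 'b' to '\s*(.*?)\s*' at\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
)


def parse(text):
    """Yield (macro_time, wall_time) as timezone-aware datetimes."""
    for m in LINE.finditer(text):
        macro = parsedate_to_datetime(m.group(1))
        # Assumption: the milter's local wall clock uses the same offset as $b.
        wall = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
        yield macro, wall.replace(tzinfo=macro.tzinfo)


def analyse(text, max_skew=timedelta(seconds=30)):
    """Summarise how many $b expansions deviate from the wall clock."""
    pairs = list(parse(text))
    stale = [(m, w) for m, w in pairs if abs(w - m) > max_skew]
    frozen = Counter(m for m, _ in stale).most_common(1)
    return {
        "total": len(pairs),
        "stale": len(stale),
        # The value that stale expansions keep returning, if any.
        "frozen_value": frozen[0][0] if frozen else None,
        "max_lag": max((w - m for m, w in stale), default=timedelta(0)),
    }


if __name__ == "__main__":
    r = analyse(SAMPLE)
    print(f"{r['stale']}/{r['total']} expansions stale, "
          f"frozen at {r['frozen_value']}, worst lag {r['max_lag']}")
```

The frozen value it reports can be compared against the daemon start time shown by the ls --full-time command in the report.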
