Package: amavisd-new
Version: 1:2.4.1-1
Severity: important

Testing my setup I encountered a problem which is probably best
illustrated by the following protocol below. Basically, what happens
is that emails with ``bad headers'' are delivered with their bodies
removed if $final_bad_header_destiny is set to D_PASS.

pts/1_13:56_~% telnet localhost 10024
Trying 127.0.0.1...
Connected to denkblock.local.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
ehlo localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
mail from: <[EMAIL PROTECTED]>
250 2.1.0 Sender [EMAIL PROTECTED] OK
rcpt to: <[EMAIL PROTECTED]>
250 2.1.5 Recipient [EMAIL PROTECTED] OK
data
354 End data with <CR><LF>.<CR><LF>
test mail.
.
250 2.6.0 Ok, id=11247-04, from MTA([127.0.0.1]:10025): 250 OK id=1Fq7WG-0003Gb-FB
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
pts/1_13:57_~% cat /var/mail/eo
>From [EMAIL PROTECTED] Tue Jun 13 13:57:18 2006
Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Tue, 13 Jun 2006 13:57:18 +0200
Received: from localhost ([127.0.0.1])
        by denkblock.local with esmtp (Exim 4.60)
        (envelope-from <[EMAIL PROTECTED]>)
        id 1Fq7WG-0003Gb-FB
        for [EMAIL PROTECTED]; Tue, 13 Jun 2006 13:57:18 +0200
X-Quarantine-ID: <H4DIu8+6ncfH>
X-Amavis-Alert: BAD HEADER MIME error: error: unexpected end of header
Received: from localhost ([127.0.0.1])
        by localhost (denkblock.local [127.0.0.1]) (amavisd-new, port
        10024)
        with ESMTP id H4DIu8+6ncfH for <[EMAIL PROTECTED]>;
        Tue, 13 Jun 2006 13:57:03 +0200 (CEST)
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Date: Tue, 13 Jun 2006 13:57:16 +0200


You have new mail.
pts/1_13:57_~% 

As you can see, amavisd-new has added alert headers and removed the
body of the email just because it didn't like the header. However, my
config files suggest a different behaviour:
pts/1_13:59_~% grep 'final_.*_destiny' /etc/amavis/conf.d/*
/etc/amavis/conf.d/20-debian_defaults:$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
/etc/amavis/conf.d/20-debian_defaults:$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
/etc/amavis/conf.d/20-debian_defaults:$final_spam_destiny       = D_BOUNCE;
/etc/amavis/conf.d/20-debian_defaults:$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
/etc/amavis/conf.d/50-user:$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
/etc/amavis/conf.d/50-user:$final_banned_destiny     = D_DISCARD;   # D_REJECT when front-end MTA
/etc/amavis/conf.d/50-user:$final_spam_destiny       = D_PASS;
/etc/amavis/conf.d/50-user:$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
pts/1_14:06_~%

The original body of the message is stored in
/var/lib/amavis/tmp/amavis-20060613T122807-11247/email.txt.

The severity of this bug has been set to important because without
special arrangements the user's MUA will just present an empty message
to the user who might not even notice that potentially useful
information in the body has actually been removed.

-- System Information:
Debian Release: testing/unstable
  APT prefers dapper-updates
  APT policy: (500, 'dapper-updates'), (500, 'dapper-security'), (500, 'dapper'), (200, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16.20-1
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages amavisd-new depends on:
ii  adduser                  3.80ubuntu2     Add and remove users and groups
ii  debconf [debconf-2.0]    1.4.72ubuntu9   Debian configuration management sy
ii  file                     4.16-0ubuntu3   Determines file type using "magic"
ii  libarchive-tar-perl      1.26-2          Archive::Tar - manipulate tar file
ii  libarchive-zip-perl      1.16-1          Module for manipulation of ZIP arc
ii  libberkeleydb-perl       0.27-1          use Berkeley DB 4 databases from P
ii  libcompress-zlib-perl    1.41-1          Perl module for creation and manip
ii  libconvert-tnef-perl     0.17-4          Perl module to read TNEF files
ii  libconvert-uulib-perl    1.0.5.1-1       Perl interface to the uulib librar
pn  libdigest-md5-perl       <none>          (no description available)
ii  libio-stringy-perl       2.110-1         Perl5 modules for IO from scalars 
ii  libmailtools-perl        1.62-1          Manipulate email in perl programs
pn  libmime-base64-perl      <none>          (no description available)
ii  libmime-perl             5.420-0.1       Perl5 modules for MIME-compliant m
ii  libnet-perl              1:1.19-3        Implementation of Internet protoco
ii  libnet-server-perl       0.90-1          An extensible, general perl server
ii  libunix-syslog-perl      0.100-4         Perl interface to the UNIX syslog(
ii  perl [libtime-hires-perl 5.8.7-10ubuntu1 Larry Wall's Practical Extraction 
ii  perl-modules [libnet-per 5.8.7-10ubuntu1 Core Perl modules

amavisd-new recommends no packages.

-- debconf information:
  amavisd-new/outdated_config_style_warning:
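
A check for mail already delivered in this state, as an added example that is not part of the original report or of amavisd-new: it scans mbox text for messages that carry the X-Amavis-Alert: BAD HEADER header shown above and have an empty body, and returns their Message-Id and X-Quarantine-ID. The sample mbox, its addresses and IDs are constructed, and the function names are hypothetical.

```python
import email

# Constructed sample mbox (not real mail); addresses and IDs are placeholders.
SAMPLE_MBOX = """\
From sender@example.org Tue Jun 13 13:57:18 2006
X-Quarantine-ID: <CONSTRUCTED-ID-1>
X-Amavis-Alert: BAD HEADER MIME error: error: unexpected end of header
Message-Id: <1@example.org>
From: sender@example.org

From sender@example.org Tue Jun 13 14:02:00 2006
X-Quarantine-ID: <CONSTRUCTED-ID-2>
X-Amavis-Alert: BAD HEADER MIME error: error: unexpected end of header
Message-Id: <2@example.org>
From: sender@example.org

body survived

From sender@example.org Tue Jun 13 14:05:00 2006
Message-Id: <3@example.org>
From: sender@example.org

"""

def split_mbox(text):
    """Split mbox text into raw messages on 'From ' lines that follow a blank line."""
    messages, current, prev_blank = [], None, True
    for line in text.splitlines(keepends=True):
        if line.startswith("From ") and prev_blank:
            if current is not None:
                messages.append("".join(current))
            current = []  # the 'From ' separator itself is not part of the message
        elif current is not None:
            current.append(line)
        prev_blank = line.strip() == ""
    if current is not None:
        messages.append("".join(current))
    return messages

def find_stripped_messages(text):
    """Return (Message-Id, X-Quarantine-ID) for BAD HEADER mail with an empty body."""
    hits = []
    for raw in split_mbox(text):
        msg = email.message_from_string(raw)
        body = msg.get_payload()
        empty = not body if msg.is_multipart() else not body.strip()
        # An empty body alone is not flagged; the amavisd alert header must be present.
        if "BAD HEADER" in msg.get("X-Amavis-Alert", "") and empty:
            hits.append((msg["Message-Id"], msg["X-Quarantine-ID"]))
    return hits
```

The returned X-Quarantine-ID is the value to look up when recovering the original body from wherever the local setup keeps it.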

