Your message dated Fri, 30 Sep 2011 08:05:41 +0200
with message-id <87zkhmpnt6....@luthien.mhp>
and subject line Re: Bug#643826: smtpguard: smtpguard-daemon crashes if any
illegal characters are contained in SMTP envelope
has caused the Debian Bug report #643826,
regarding smtpguard: smtpguard-daemon crashes if any illegal characters are
contained in SMTP envelope
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
643826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643826
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Subject: smtpguard-daemon crashes if any illegal characters are contained in
SMTP envelope
Package: smtpguard
Version: 1.1.3-1.1
Justification: user security hole
Severity: grave
Tags: upstream security patch
A patch to modify this behavior is attached.
How to reproduce:
1. Add "TD" and/or "FD" entries to smtpguard.conf as attached.
2. Submit sender/recipient with illegal octet(s), any of:
- Control characters.
- 8-bit octet not forming legal UTF-8 sequence.
Result is as following (note that "_" is control character or non-UTF-8
sequence):
# /etc/init.d/smtpguard start
# /usr/lib/postfix/smtpguard -S -v
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=ESMTP
helo_name=mail.example.jp
sender=nob...@example.jp
recipient=user_@example.co.jp
client_address=172.16.0.1
client_name=mail.example.jp
instance=123.456.7
output error : string is not in UTF-8
action=defer_if_permit Server configuration error.
# tail /var/log/syslog
Sep 30 12:31:55 debian-amd64 postfix/smtpguard[11814]: error:
fg_spam_update_db(8): Invalid protocol: read unexpected EOF.
Sep 30 12:31:55 debian-amd64 postfix/smtpguard[11814]: fallback action:
defer_if_permit Server configuration error.
Sep 30 12:31:55 debian-amd64 postfix/smtpguard[11814]: policy action:
action=defer_if_permit Server configuration error.
Sep 30 12:31:55 debian-amd64 kernel: [72351.354645] smtpguard-daemo[11809]:
segfault at 0 ip 00007f3744d8e61a sp 00007f3743c408b8 error 4 in
libc-2.11.2.so[7f3744d11000+158000]
#
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages smtpguard depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libsmtpguard1 1.1.3-1.1 Shared library of smtpguard
ii libxml2 2.7.8.dfsg-2+squeeze1 GNOME XML library
smtpguard recommends no packages.
smtpguard suggests no packages.
-- Configuration Files:
/etc/smtpguard/smtpguard.conf changed:
MAILFROM="postmaster"
SENDMAIL="/usr/sbin/sendmail"
EXPIRE=900
A: : add(5)
A: TD==example.co.jp : add(50)
A: FD==example.co.jp : add(50)
R: P>1000 : reject("441 sending too much mail, try again later")
-- no debconf information
--
株式会社 コンバージョン セキュリティ&OSSソリューション部 池田荘児
〒231-0004 神奈川県横浜市中区元浜町3-21-2 ヘリオス関内ビル7F
e-mail supp...@conversion.co.jp TEL 045-640-3550
http://www.conversion.co.jp/
smtpguard-1.1.3-CV-smtpguard_service.patch
Description: Binary data
--- End Message ---
--- Begin Message ---
smtpguard was removed[1] from Debian unstable in 2008, and wasn't
reintroduced since, therefore, I'm closing this bug.
[1]: http://packages.qa.debian.org/s/smtpguard/news/20081223T192055Z.html
--
|8]
--- End Message ---
