Yahoo Groups archive
Thread
2004-10-12 by scoost
Running 1.5.8 on Redhat ELES 3.0 Twice now I have gotten a line in the cache file that does not allow milter-greylist to restart. The line follows: (watch line wrapping): 64.106.137.140 <mmreturn@...> <smtp:simmons_st@...> 1097598374 # 2004-10-12 09:26:14 It appears to be the smtp: part. The error message I get is invalid IPv6 address line 147647 I am not doing any IPv6 . What can I do to prevent this? scott O
2004-10-12 by Hajimu UMEMOTO
Hi,
>>>>> On Tue, 12 Oct 2004 18:39:25 -0000
>>>>> "scoost" <scotto5@...> said:
scotto5> 64.106.137.140 <mmreturn@...>
scotto5> <smtp:simmons_st@...> 1097598374 # 2004-10-12
scotto5> 09:26:14
scotto5> It appears to be the smtp: part.
scotto5> The error message I get is
scotto5> invalid IPv6 address line 147647
This patch should fix it for workaround:
Index: dump_lex.l
diff -u dump_lex.l.orig dump_lex.l
--- dump_lex.l.orig Sun Aug 1 18:27:03 2004
+++ dump_lex.l Wed Oct 13 04:04:19 2004
@@ -6,7 +6,7 @@
num [0-9]{1,}
byte [0-9]{1,3}
ipaddr {byte}"."{byte}"."{byte}"."{byte}
-ip6addr ([0-9a-fA-F]*:)+[0-9a-fA-F]*(%[0-9a-zA-Z]+)?
+ip6addr ([0-9a-fA-F]*:){2,}[0-9a-fA-F]*(%[0-9a-zA-Z]+)?
atext [A-Za-z0-9!#$%&'*+/=?$^_`}{|~.-]{1,}
qtext "\""[!-~]{1,}"\""
mailbox {atext}|{qtext}
Actual fix should be don't match ip6?addr within a line.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@... ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/2004-10-12 by manu@netbsd.org
scoost <scotto5@...> wrote:
> It appears to be the smtp: part.
> The error message I get is
> invalid IPv6 address line 147647
Mmmm... Hajimu Umemoto made IPv6 integration, he might have an idea: why
is this e-mail address seen as an IPv6 address by the lexer?
Until we find a real fix, here is a workaround: in dump_lex.l, look for
"invalid IPv6 address" and remove the whole {ip6addr} block which is
around it.
--
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent
le binaire et ceux qui ne le comprennent pas.
manu@...2004-10-12 by manu@netbsd.org
Hajimu UMEMOTO <ume@...> wrote: > Actual fix should be don't match ip6?addr within a line. How can we acheive that? Any lex expert in the room? :) -- Emmanuel Dreyfus Il y a 10 sortes de personnes dans le monde: ceux qui comprennent le binaire et ceux qui ne le comprennent pas. manu@...
2004-10-12 by Hajimu UMEMOTO
Hi,
>>>>> On Tue, 12 Oct 2004 21:25:22 +0200
>>>>> manu@... said:
> Actual fix should be don't match ip6?addr within a line.
manu> How can we acheive that? Any lex expert in the room? :)
Sorry but I have no idea for now. I'm not a lex expert.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@... ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/2004-10-12 by Hajimu UMEMOTO
Hi,
>>>>> On Tue, 12 Oct 2004 21:25:22 +0200
>>>>> manu@... said:
> Actual fix should be don't match ip6?addr within a line.
manu> How can we acheive that? Any lex expert in the room? :)
How about this patch? Though it is not a way above, it should match
with only exact an IPv6 address.
Index: conf_lex.l
diff -u conf_lex.l.orig conf_lex.l
--- conf_lex.l.orig Mon Aug 9 06:24:20 2004
+++ conf_lex.l Wed Oct 13 05:22:32 2004
@@ -5,7 +5,7 @@
number [0-9]+
ipaddr [0-9]{1,3}"."[0-9]{1,3}"."[0-9]{1,3}"."[0-9]{1,3}
-ip6addr ([0-9a-fA-F]*:)+[0-9a-fA-F]*(%[0-9a-zA-Z]+)?
+ip6addr ([0-9a-fA-F]*:){2,}[0-9a-fA-F]*(%[0-9a-zA-Z]+)?
cidr "/"[0-9]{1,3}
atext [A-Za-z0-9!#$%&'*+/=?$^_`}{|~.-]{1,}
qtext "\""[!-~]{1,}"\""
@@ -128,9 +128,7 @@
if (ipfromstring(yytext, SA(&yylval.ipaddr), &salen,
AF_INET) != 1) {
- printf("invalid IPv4 address line %d\n",
- conf_line);
- exit(EX_DATAERR);
+ REJECT;
}
return IPADDR;
}
@@ -140,9 +138,7 @@
if (ipfromstring(yytext, SA(&yylval.ip6addr), &salen,
AF_INET6) != 1) {
- printf("invalid IPv6 address line %d\n",
- conf_line);
- exit(EX_DATAERR);
+ REJECT;
}
#endif
return IP6ADDR;
Index: dump_lex.l
diff -u dump_lex.l.orig dump_lex.l
--- dump_lex.l.orig Sun Aug 1 18:27:03 2004
+++ dump_lex.l Wed Oct 13 05:23:29 2004
@@ -6,7 +6,7 @@
num [0-9]{1,}
byte [0-9]{1,3}
ipaddr {byte}"."{byte}"."{byte}"."{byte}
-ip6addr ([0-9a-fA-F]*:)+[0-9a-fA-F]*(%[0-9a-zA-Z]+)?
+ip6addr ([0-9a-fA-F]*:){2,}[0-9a-fA-F]*(%[0-9a-zA-Z]+)?
atext [A-Za-z0-9!#$%&'*+/=?$^_`}{|~.-]{1,}
qtext "\""[!-~]{1,}"\""
mailbox {atext}|{qtext}
@@ -48,9 +48,7 @@
if (ipfromstring(yytext, SA(&yylval.ipaddr), &salen,
AF_INET) != 1) {
- printf("invalid IPv4 address line %d\n",
- dump_line);
- exit(EX_DATAERR);
+ REJECT;
}
return IPADDR;
}
@@ -60,10 +58,7 @@
if (ipfromstring(yytext, SA(&yylval.ip6addr), &salen,
AF_INET6) != 1) {
- printf("invalid IPv6 address line %d\n",
- dump_line);
- printf("[%s]\n", yytext);
- exit(EX_DATAERR);
+ REJECT;
}
#endif
return IP6ADDR;
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@... ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/2004-10-12 by Hajimu UMEMOTO
Hi,
>>>>> On Tue, 12 Oct 2004 18:39:25 -0000
>>>>> "scoost" <scotto5@...> said:
scotto5> <smtp:simmons_st@...>
This email address seems doesn't match the rule of `email'. `:' is
not allowed in `atext'. Following rule is from dump_lex.l.
atext [A-Za-z0-9!#$%&'*+/=?$^_`}{|~.-]{1,}
qtext "\""[!-~]{1,}"\""
mailbox {atext}|{qtext}
domain [A-Za-z0-9._-]{1,}
email "<"?{mailbox}"\@"?{domain}?">"?
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@... ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/2004-10-12 by Cyril Guibourg
Hello Hajimu, Hajimu UMEMOTO <ume@...> writes: > This email address seems doesn't match the rule of `email'. `:' is > not allowed in `atext'. Which is right. Imho, we could consider getting dump_lex.l less pointy head so that such line would be safely ignored at startup. Another way, when performing the dump, we could perform some sanity check on mail addresses. Opinions ?
2004-10-12 by manu@netbsd.org
Hajimu UMEMOTO <ume@...> wrote: > How about this patch? Though it is not a way above, it should match > with only exact an IPv6 address. Sounds fine. Did you tested it? Does it works as intented? If it does I'll check in the fix and release 1.5.9 -- Emmanuel Dreyfus Il y a 10 sortes de personnes dans le monde: ceux qui comprennent le binaire et ceux qui ne le comprennent pas. manu@...
2004-10-12 by manu@netbsd.org
Cyril Guibourg <cg+milter-greylist@...> wrote: > Which is right. Imho, we could consider getting dump_lex.l less pointy head > so that such line would be safely ignored at startup. > > Another way, when performing the dump, we could perform some sanity check > on mail addresses. > > Opinions ? The third solution it to simply reject ill-formated address and the fourth solution is to avoid adding them to the greylist (which means thay will be temporary rejected forever). I wonder why sendmail accepts addresses that don't conform to the standards. IMO the choice is between really accepting ill-formatted addresses, or really rejecting them with a permanent failure. Rejecting at dump time or temp-failing forever seems a bad choice. milter-greylist job's is to do greylisting, not to do some address sanity-checks, so I'd be in favor of making dump_lex.l capable of reloading any address that sendmail can accept. But is it possible? If it's not, then we should reject at once, it makes no sence to greylist something we consider bad enough to be ignored at dump reload time. -- Emmanuel Dreyfus Il y a 10 sortes de personnes dans le monde: ceux qui comprennent le binaire et ceux qui ne le comprennent pas. manu@...
2004-10-13 by Cyril Guibourg
manu@... writes: > milter-greylist job's is to do greylisting, not to do some address > sanity-checks, so I'd be in favor of making dump_lex.l capable of > reloading any address that sendmail can accept. But is it possible? Yes, it was my first proposal, just make dump_*.* less pointy head ;-) > If it's not, then we should reject at once, it makes no sence to > greylist something we consider bad enough to be ignored at dump reload > time. Agree with that.
2004-10-13 by Hajimu UMEMOTO
Hi,
>>>>> On Tue, 12 Oct 2004 23:43:00 +0200
>>>>> manu@... said:
manu> Sounds fine. Did you tested it? Does it works as intented? If it does
manu> I'll check in the fix and release 1.5.9
Yes, I've running milter-greylist with the patch, and it seems working
fine.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@... ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/2004-10-13 by manu@netbsd.org
Cyril Guibourg <cg+milter-greylist@...> wrote: > > milter-greylist job's is to do greylisting, not to do some address > > sanity-checks, so I'd be in favor of making dump_lex.l capable of > > reloading any address that sendmail can accept. But is it possible? > Yes, it was my first proposal, just make dump_*.* less pointy head ;-) Now we just have to find a volunter to do it :) -- Emmanuel Dreyfus Il y a 10 sortes de personnes dans le monde: ceux qui comprennent le binaire et ceux qui ne le comprennent pas. manu@...