Weird things in the mail queue

Daniel Lange DLange at debian.org
Sun Mar 24 12:43:05 EET 2019 

Hi Aki,

Am 21.02.19 um 12:55 schrieb Aki Tuomi:
> 
> On 21.2.2019 13.47, Lionel Elie Mamane via dovecot wrote:
>> I noticed a mail stuck in my mail queue. dovecot-lda was returning
>> error 64 Invalid parameter given. (EX_USAGE).
>>
>> Weird, weird, weird. After some sleuthing, I found the sender address
>> was FirstLast at domain.tld, with a UTF8-encoded Unicode U+FEFF ZERO
>> WIDTH NO-BREAK SPACE character (AKA byte order mark) between "First"
>> and "Last" :)
>>
>> Since that is passed as the -f parameter to dovecot-lda, it was giving
>> the 64 error.
> 
> Your MTA should not be passing this along.

Unfortunately Postfix does.
It honors the robustness principle (~Postel's law) and therefore
accepts envelope senders like

from=<<U+FEFF>JamesBrown at triolan.net>
or
from=<Gerald<U+FEFF>Smith at nampaichuanlondon.com>
or
from=<Peter???Smith at taotalk.nl>
(invalid 3-byte UTF-8 .)

which are increasingly making rounds.

With a working local delivery these will just feed spamassassin or
rspamd and all is well. And may be the occasional poor Exchange
customer's email is delivered, too.

With Dovecot 2.3.4.1 and 2.3.5 dovecot-lda and lmtp
these will generate bounces that lead to backscatter spam:

postfix/pipe[22438]: D8C5E35C2600: to=<redacted at redacted>, relay=dovecot, delay=0.22, delays=0.14/0.01/0/0.08, dsn=5.3.0, status=bounced (command line usage error. Command output: lda: Fatal: Invalid -f parameter: Invalid character in localpart )
postfix/cleanup[22433]: 0D95435C25EF: message-id=<redacted>
postfix/bounce[22440]: D8C5E35C2600: sender non-delivery notification: 0D95435C25EF
(dovecot-lda case)

and

postfix/lmtp[12829]: 6ADF135C2671: to=<redacted>, relay=redacted[private/dovecot-lmtp], delay=0.17, delays=0.15/0.01/0.01/0, dsn=5.5.2, status=bounced (host redacted[private/dovecot-lmtp] said: 500 5.5.2 Invalid command syntax (in reply to MAIL FROM command))
...
(lmtp case)

In my book an LDA should do its job and deliver the email. It should
complain about an invalid envelope sender if (and only if) it needs to
send a bounce (and thus will send that to MAILER-DAEMON instead). But it
must in no case refuse to deliver the email to a perfectly valid local
recipient. Yes, the envelope sender is flawed. But that is not the LDAs
concern. If the SMTPD was happy enough, the email has been accepted and
must not lead to a late bounce. In the case we're currently seeing this
leads to backscatter spam.

I think the right logic would be to not smtp_address_parse_path the
enveloper sender unless it is needed for legitimate bounces (e.g.
mailbox over quota). In that case a failing enveloper sender should be
replaced for the bounce. In any other case dovecot-lda and lmtp must not
bother.

Kind regards,
Daniel

More information about the dovecot mailing list