[Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly.

Atsuko Tanaka tanaka at designet.co.jp
Fri May 2 08:27:30 UTC 2014 

Hello.

We have currently set dovecot.sieve to insert the text "[SPAM]" at the
beginning of an e-mail's subject when it's X-Spam-Score is above 80%.
After we set our system as stated the following errors occur:

1) When an e-mail's subject contains control characters like
[Ctrl+V|^V], dovecot.sieve terminates with an error and an e-mail is not
able to be sent. When a MIME encoded Subject like [TEST^VMAIL] is sent
we're not able to edit the subject and dovecot ends with an error.

This is a sample of the data that was used in testing.
Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIWGyRCI00jQSNJI0wbKEI=?=
X-Spam-Score: 100.00%
↓
Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIWGyRCI00jQSNJI0wbKEI=?=
X-Spam-Score: 100.00%

This is the log generated by the data above.
----------------------------------------------------------------------
sieve: info: started log at May 02 10:46:22.
main script: line 14: error: addheader action: specified value `[SPAM]
TEST?・・' is invalid.
----------------------------------------------------------------------

Aside from [Ctrl + V] the following control charcters also cause errors:
backspace
Ctrl + A
Ctrl + C
Ctrl + [
Ctrl + X
Ctrl + Y

2) When an e-mail's subject line contains a "\0" character, everything
following the null character is deleted.
When a MIME encoded Subject is sent, for example "TEST\0MAIL", the
subject becomes "[SPAM]TEST", the characters after the NULL character
are deleted and dovecot.sieve ends normally.

This is a sample of the data that we collected.
Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIAGyRCI00jQSNJI0wbKEI=?=
X-Spam-Score: 100.00%
↓
Subject: [SPAM] =?utf-8?b?77y077yl77yz77y0?=
X-Spam-Score: 100.00%


-Environment
・OS
CentOS release 6.5 (Final) x86_64

・Software Version
dovecot-2.2.12
dovecot-2.2-pigeonhole-0.4.2

・Results from the "dovecot -n" command.
----------------------------------------------------------------------
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
disable_plaintext_auth = no
lock_method = dotlock
mail_fsync = always
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = quota
mail_temp_dir = /var/tmp
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress

comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify

environment mailbox date ihave spamtest spamtestplus editheader
mbox_write_locks = dotlock
mmap_disable = yes
passdb {
  driver = passwd
}
plugin {
  quota = maildir:User quota
  sieve = ~/Maildir/dovecot.sieve
  sieve_dir = ~/Maildir/sieve
  sieve_editheader_max_header_size = 1k
  sieve_editheader_protected = X-Verified
  sieve_extensions = +editheader +spamtest +spamtestplus
  sieve_max_actions = 250
  sieve_max_redirects = 100
  sieve_spamtest_max_value = 100.00
  sieve_spamtest_status_header = X-Spam-Score: ([[:digit:]]+\.[[:digit:]]+)%
  sieve_spamtest_status_type = score
  sieve_user_log = /var/log/dovecot.sieve/%d/%u.log
}
postmaster_address = postmaster at example.jp
protocols = pop3 imap
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
ssl_ca = </etc/pki/tls/certs/CA.crt
ssl_cert = </etc/pki/tls/certs/example.jp.crt
ssl_key = </etc/pki/tls/private/example.jp.key
submission_host = 127.0.0.1:20025
userdb {
  args = /etc/dovecot/ldap/userdb.conf.ext
  driver = ldap
}
protocol lda {
  mail_plugins = quota sieve
}
protocol imap {
  mail_plugins = quota imap_quota
  passdb {
    args = /etc/dovecot/ldap/passdb.conf.ext
    driver = ldap
  }
}
protocol pop3 {
  passdb {
    args = /etc/dovecot/ldap/passdb.conf.ext
    driver = ldap
  }
}
----------------------------------------------------------------------

-Contents of the "dovecot.sieve" file
user/Maildir/dovecot.sieve
----------------------------------------------------------------------
require "fileinto";
require "mailbox";
require "envelope";
require "variables";
require "editheader";
require "spamtestplus";
require "relational";
require "enotify";
require "comparator-i;ascii-numeric";

if spamtest :percent :value "ge" :comparator "i;ascii-numeric" "80" {
  if exists "subject" {
    deleteheader :matches "subject" "*";
    addheader "Subject" "[SPAM] ${1}";
  } else {
    addheader "Subject" "[SPAM]";
  }
}
----------------------------------------------------------------------

Please reply.
Thank you.

-- 
----------------------------------------
Atsuko Tanaka
DesigNET Inc.
e-mail:tanaka at designet.co.jp
----------------------------------------

More information about the dovecot mailing list