LDA input validation

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 23 Jan 2015, Stéphane Cottin wrote:

> I'm using qmail + dspam + dovecot-lda.
>
> A typical .qmail file :
>
> | /usr/bin/dspam --client --deliver=stdout --user "$EXT@$USER" | /usr/bin/preline -f /usr/lib/dovecot/dovecot-lda -d "$EXT@$USER" -a "$EXT@$USER" -m "$EXT2"
>
> When dspam segfault or is killed, preline receive an empty content and only pass to dovecot-lda two headers ( Return-Path and Delivered-To ).

Those two lines are generated by dovecot-lda or preline.

> Then dovecot-lda delivers successfully and the original message contents are lost.
>
> Should dovecot-lda returns an error in such conditions ( invalid contents ) ? Qmail will keep it in the queue and retry delivery later.

That's the problem of the used Unix pipe and broken by design. The right 
member of the pipe (preline) runs independendly of dspam and recieves no 
content via pipe. Why should preline or dovecot-lda believe there is an 
error?

If preline does not have no nifty option to prevent this, replace the 
pipe by a shell script:

| /usr/local/bin/dspam-lda-wrapper.sh "$EXT@$USER" "$EXT2"

===== /usr/local/bin/dspam-lda-wrapper.sh
#!/bin/bash

tmpf="/tmp/wrapper.$$.log"
trap 'rc=$?; rm -f $tmpf; exit $rc' EXIT

if /usr/bin/dspam --client --deliver=stdout --user "$1" >$tmpf; then
 	test -s $tmpf && /usr/bin/preline -f \
 	/usr/lib/dovecot/dovecot-lda -d "$1" -a "$1" -m "$2" <$tmpf
fi
======

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVMJlQnz1H7kL/d9rAQK90Af9Fs+uZ6P0VxQL0r8PpR30hYt1MnExozpz
QXbhKMCrXv5fZwAZ6paAbQQ999Emjj0fyBEBKodgYoi3rQm5claJwb1/NzSotgxx
Kayc0WpPP2cPMR1QZBA1FmR6+XPyEQO1h8B6aYxNNVNELCMxzotQ5hBPsqrR8ajO
86TL7FYaz6EM5nqW7w/VwwqsPDiM3mlkgckQudMzxeupP/jGZiRAkWODznSRg4Wr
yHx257i8jWj3mV2vcew16tyBuwmc3g1renPSwjaUZoLsb2A9vyJjnr0qmBdfrkDz
LE6WICAJcZuxQtyy8naTExEGKyQUhBc0nOLVljZ6ZnVC15b8gHWYRw==
=WdEr
-----END PGP SIGNATURE-----