Weird things in the mail queue

Aki Tuomi aki.tuomi at open-xchange.com
Wed Mar 27 18:59:38 EET 2019 

> On 24 March 2019 12:43 Daniel Lange <dlange at debian.org> wrote:
> 
>  
> Hi Aki,
> 
> Am 21.02.19 um 12:55 schrieb Aki Tuomi:
> > 
> > On 21.2.2019 13.47, Lionel Elie Mamane via dovecot wrote:
> >> I noticed a mail stuck in my mail queue. dovecot-lda was returning
> >> error 64 Invalid parameter given. (EX_USAGE).
> >>
> >> Weird, weird, weird. After some sleuthing, I found the sender address
> >> was FirstLast at domain.tld, with a UTF8-encoded Unicode U+FEFF ZERO
> >> WIDTH NO-BREAK SPACE character (AKA byte order mark) between "First"
> >> and "Last" :)
> >>
> >> Since that is passed as the -f parameter to dovecot-lda, it was giving
> >> the 64 error.
> > 
> > Your MTA should not be passing this along.
> 
> Unfortunately Postfix does.
> It honors the robustness principle (~Postel's law) and therefore
> accepts envelope senders like
> 
> from=<<U+FEFF>JamesBrown at triolan.net>
> or
> from=<Gerald<U+FEFF>Smith at nampaichuanlondon.com>
> or
> from=<Peter???Smith at taotalk.nl>
> (invalid 3-byte UTF-8 .)
> 
> which are increasingly making rounds.
> 
> With a working local delivery these will just feed spamassassin or
> rspamd and all is well. And may be the occasional poor Exchange
> customer's email is delivered, too.
> 
> With Dovecot 2.3.4.1 and 2.3.5 dovecot-lda and lmtp
> these will generate bounces that lead to backscatter spam:
> 
> postfix/pipe[22438]: D8C5E35C2600: to=<redacted at redacted>, relay=dovecot, delay=0.22, delays=0.14/0.01/0/0.08, dsn=5.3.0, status=bounced (command line usage error. Command output: lda: Fatal: Invalid -f parameter: Invalid character in localpart )
> postfix/cleanup[22433]: 0D95435C25EF: message-id=<redacted>
> postfix/bounce[22440]: D8C5E35C2600: sender non-delivery notification: 0D95435C25EF
> (dovecot-lda case)
> 
> and
> 
> postfix/lmtp[12829]: 6ADF135C2671: to=<redacted>, relay=redacted[private/dovecot-lmtp], delay=0.17, delays=0.15/0.01/0.01/0, dsn=5.5.2, status=bounced (host redacted[private/dovecot-lmtp] said: 500 5.5.2 Invalid command syntax (in reply to MAIL FROM command))
> ...
> (lmtp case)
> 
> In my book an LDA should do its job and deliver the email. It should
> complain about an invalid envelope sender if (and only if) it needs to
> send a bounce (and thus will send that to MAILER-DAEMON instead). But it
> must in no case refuse to deliver the email to a perfectly valid local
> recipient. Yes, the envelope sender is flawed. But that is not the LDAs
> concern. If the SMTPD was happy enough, the email has been accepted and
> must not lead to a late bounce. In the case we're currently seeing this
> leads to backscatter spam.
> 
> I think the right logic would be to not smtp_address_parse_path the
> enveloper sender unless it is needed for legitimate bounces (e.g.
> mailbox over quota). In that case a failing enveloper sender should be
> replaced for the bounce. In any other case dovecot-lda and lmtp must not
> bother.
> 
> Kind regards,
> Daniel

We are tracking this as DOP-1045. 

Aki

More information about the dovecot mailing list