Debian Bug report logs - #807258
sendmail: Strange DSN code returned by sendmail with greylisting

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: BERTRAND Joël <joel.bertrand@systella.fr>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: sendmail: Strange DSN code returned by sendmail with greylisting

Date: Sun, 06 Dec 2015 20:50:51 +0100

Source: sendmail
Version: 8.15.2-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I use for a long time a sendmail configuration with debian clamav and
spamassassin milters and a customized milter greylist (same sources that
debian's milter but with some different compilation options).

I have checked in greylist-milter sources and milter returns 451 4.7.1 DSN by
default. My configuration ran like a charm for a very long time.

I have recently upgraded my mail server and I have seen that last sendmail seems
to change DSN code. For example, I have tried to send a message from an external
SMTP server. It receives :

550 <joel.bertrand@systella.fr>... 451 4.7.1 Greylisting in action, please come back later

I don't understand why milter-greylist returns 451 and why sendmail changes this
error to 550 since last sendmail upgrade.

I have checked sendmail.cf file and I haven't found what could change this DSN
code.

I don't know how investigate.

Regards,

JKB

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Message #10 received at 807258@bugs.debian.org (full text, mbox, reply):

From: BERTRAND Joël <joel.bertrand@systella.fr>

To: 807258@bugs.debian.org

Subject: Logged transaction

Date: Tue, 8 Dec 2015 10:49:55 +0100

250-rayleigh.systella.fr Hello mta.partenaire.viadeo.com 
[136.147.180.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH NTLM PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP

10:25:15.695375 IP mta.partenaire.viadeo.com.39783 > 
rayleigh.systella.fr.smtp: Flags [P.], seq 33:181, ack 471, win 131, 
options [nop,nop,TS val 704029822 ecr 312631110], length 148: SMTP: MAIL 
FROM:<bounce-696_HTML-50940913-567321-7205089-619@bounce.message.viadeo.com> 
BODY=8BITMIME
E....P@.-......
.....g...>.._4.R....M......
)..~.._FMAIL 
FROM:<bounce-696_HTML-50940913-567321-7205089-619@bounce.message.viadeo.com> 
BODY=8BITMIME
RCPT TO:<benedicte.lecarpentier@astelys.fr>
DATA

10:25:15.733941 IP rayleigh.systella.fr.smtp > 
mta.partenaire.viadeo.com.39783: Flags [.], ack 181, win 234, options 
[nop,nop,TS val 312631148 ecr 704029822], length 0
E..4.l@.@.e........
...g_4.R.>.G.....z.....
.._l)..~
10:25:16.471353 IP rayleigh.systella.fr.smtp > 
mta.partenaire.viadeo.com.39783: Flags [P.], seq 471:706, ack 181, win 
234, options [nop,nop,TS val 312631332 ecr 704029822], length 235: SMTP: 
250 2.1.0 
<bounce-696_HTML-50940913-567321-7205089-619@bounce.message.viadeo.com>... 
Sender ok
E....m@.@.d#.......
...g_4.R.>.G...........
..`$)..~250 2.1.0 
<bounce-696_HTML-50940913-567321-7205089-619@bounce.message.viadeo.com>... 
Sender ok
550 <benedicte.lecarpentier@astelys.fr>... 451 4.7.1 Greylisting in 
action, please come back in 00:10:00
503 5.0.0 Need RCPT (recipient)

I don't understand following line :
550 <benedicte.lecarpentier@astelys.fr>... 451 4.7.1 Greylisting in 
action, please come back in 00:10:00

Why 550 and 451 on the _same_ line ?

	Best regards,

	JKB

Message #15 received at 807258@bugs.debian.org (full text, mbox, reply):

From: BERTRAND Joël <joel.bertrand@systella.fr>

To: 807258@bugs.debian.org

Subject: For information

Date: Tue, 8 Dec 2015 16:11:18 +0100

JKB  wrote:

>       I have a sendmail server (8.15.2) running debian linux, 
spamassasin,
>       clamav and milter-greylist (4.4.3 and I have tried 4.5.16). This
>       configuration ran like a charm until last sendmail upgrade.

So what are the changes in that "last sendmail upgrade"?
Is that an official sendmail version or something patched by the "vendor"?

If it is based on a 8.16.0 snapshot then maybe a version before .6
was used? There was a problem in one of those:

  sendmail snapshot 8.16.0.6 is available for testing. It fixes a
  regression in 8.16 which could generate bogus SMTP replies in some
  cases (and even with a 5xy error instead of 4xy).

Message #20 received at 807258@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: BERTRAND Joël <joel.bertrand@systella.fr>, 807258@bugs.debian.org

Subject: Re: Bug#807258: Logged transaction

Date: Tue, 08 Dec 2015 17:00:01 +0100

#0  fmtmsg (to=0x8de4b0 "testuser", num=num@entry=0x4a1e43 "550", enhsc=0x0, eno=eno@entry=0, fmt=fmt@entry=0x4a2871 "%s", ap=ap@entry=0x7ffde99f8358, eb=0x76be20 <MsgBuf> "")
    at err.c:920
#1  0x0000000000430416 in usrerr (fmt=fmt@entry=0x4a2871 "%s") at err.c:299
#2  0x0000000000476614 in smtp (nullserver=nullserver@entry=0x0, d_flags=d_flags@entry=0x765238 <Daemons+152>, e=e@entry=0x6c8b40 <MainEnvelope>) at srvrsmtp.c:3065
#3  0x000000000040a6b6 in main (argc=6, argv=0x7ffde9a00148, envp=<optimized out>) at main.c:2711

caused by debian/patches/format-security.patch which turns
  usrerr("451 4.7.1 Greylisting in action, please come back in 00:30:00")
into
  usrerr("%s", "451 4.7.1 Greylisting in action, please come back in 00:30:00")
and "%s" does not start with a smtp status code ... resulting in "550" from "num" 
parameter being used instead.

Help would be welcome for a proper fix. From a hardening POV this patch is needed
- we cannot pass an untrusted string (the status string returned by milter-greylist)
as a format string to printf.



Andreas

Message #25 received at 807258@bugs.debian.org (full text, mbox, reply):

From: BERTRAND Joël <joel.bertrand@systella.fr>

To: 807258@bugs.debian.org

Subject: Fixed

Date: Wed, 9 Dec 2015 12:57:31 +0100

I have downgraded sendmail to 8.14.4 (built from debian/stable sources) 
and sendmail runs as expected. Please remove faulty package or apply 
last sendmail patches that fix this known issue.

Best regards,

JKB

Message #30 received at 807258@bugs.debian.org (full text, mbox, reply):

From: Marcus Schopen <lists@localguru.de>

To: BERTRAND Joël <joel.bertrand@systella.fr>, 807258@bugs.debian.org

Subject: Re: Bug#807258: Fixed

Date: Wed, 09 Dec 2015 20:02:46 +0100

Hi,

Am Mittwoch, den 09.12.2015, 12:57 +0100 schrieb BERTRAND Joël:
> I have downgraded sendmail to 8.14.4 (built from debian/stable sources) 
> and sendmail runs as expected. Please remove faulty package or apply 
> last sendmail patches that fix this known issue.

Have you posted it on the milter-greylist mailinglist too? I think
Emmanuel Dreyfus would be interested.

Cheers
Marcus

Message #35 received at 807258@bugs.debian.org (full text, mbox, reply):

From: BERTRAND Joël <joel.bertrand@systella.fr>

To: Marcus Schopen <lists@localguru.de>, 807258@bugs.debian.org

Subject: Re: Bug#807258: Fixed

Date: Wed, 9 Dec 2015 22:43:55 +0100

Marcus Schopen a écrit :
> Hi,
>
> Am Mittwoch, den 09.12.2015, 12:57 +0100 schrieb BERTRAND Joël:
>> I have downgraded sendmail to 8.14.4 (built from debian/stable sources)
>> and sendmail runs as expected. Please remove faulty package or apply
>> last sendmail patches that fix this known issue.
>
> Have you posted it on the milter-greylist mailinglist too? I think
> Emmanuel Dreyfus would be interested.
>
> Cheers
> Marcus

	Yes, I have.

	Regards,

	JKB

Message #40 received at 807258-close@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: 807258-close@bugs.debian.org

Subject: Bug#807258: fixed in sendmail 8.15.2-3

Date: Thu, 10 Dec 2015 18:02:14 +0000

Source: sendmail
Source-Version: 8.15.2-3

We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807258@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated sendmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Dec 2015 18:02:49 +0100
Source: sendmail
Binary: sendmail-bin rmail sensible-mda libmilter1.0.1 libmilter1.0.1-dbg libmilter-dev sendmail-doc sendmail sendmail-base sendmail-cf
Architecture: source
Version: 8.15.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Description:
 libmilter-dev - Sendmail Mail Filter API (Milter) (development files)
 libmilter1.0.1 - Sendmail Mail Filter API (Milter)
 libmilter1.0.1-dbg - Sendmail Mail Filter API (Milter) (debug symbols)
 rmail      - MTA->UUCP remote mail handler
 sendmail   - powerful, efficient, and scalable Mail Transport Agent (metapacka
 sendmail-base - powerful, efficient, and scalable Mail Transport Agent (arch inde
 sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
 sendmail-cf - powerful, efficient, and scalable Mail Transport Agent (config ma
 sendmail-doc - powerful, efficient, and scalable Mail Transport Agent (documenta
 sensible-mda - Mail Delivery Agent wrapper
Closes: 807258
Changes:
 sendmail (8.15.2-3) unstable; urgency=medium
 .
   * QA upload.
   * format-security.patch: Try a different approach and verify that an
     (untrusted) non-literal string does not contain formatting codes ('%')
     before using it as a format string without arguments.  (Closes: #807258)
Checksums-Sha1:
 a4d45c98c67910a363354294e0839783d51013a5 2595 sendmail_8.15.2-3.dsc
 2f1aaa5e9c45cc6697142470127ee5cb8fdfe11c 404196 sendmail_8.15.2-3.debian.tar.xz
Checksums-Sha256:
 052e28845ea88533efe1e522a37fbc3146893c93570cd7ebb1279be10b9006bc 2595 sendmail_8.15.2-3.dsc
 de4f5cc4e9ce508bc514ebe76a615d4ba1b925d97bdd1edb59316ffc436e8b54 404196 sendmail_8.15.2-3.debian.tar.xz
Files:
 c99e0bb175dab83e0739815af3584087 2595 mail extra sendmail_8.15.2-3.dsc
 dcc1d286fea1c94d5cc85bcb1fa3d942 404196 mail extra sendmail_8.15.2-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWabUSAAoJEF+zP5NZ6e0ISz4P+wQjhkCINcvouAVB4f2qipSC
jhCNrvDEiRDwaKadiLytG68YDlgazidHR3664y0e/qwzWtpCFvA1hGW0up00OXMe
pL9bQYBz5fm/0bWF7SBR5WSMs9v1BpuWLfPe6nD/B8JXLwUjtzcRwOOuawa+HB/f
sHLj74V2ZvIidizhvQeQX8ix5yn1CS6ecAkBBy7Fgl1TtQHSU18YpTCQKqE/XUst
duEBRtmefKvNd15Ifx46ZhSvoEPFPh0Y1tbqaBYqatoNyH/fheV/rTlhG+1jwxtP
R2TZSzuMX7DaswV3jsZ+uZZyvyF38+RUdlIGDpz1q71mWQ/1+ovLYrv+G7a3znhy
4NHxC6s3mX33IXxw9LRQpoKtJ1R/4bx3eM4yKR0A4LgJjsK7AJYC+SvAFX0MB6tO
mRWL0Zdm6GcJ3uKXDh4lpuf6qqXETZHvUtN5otAELmSBpAsifrpR7lBUG8nCVpqC
1u9paPNHb+JVsZS+//gbj+E32A75q8yErxloLHT+dW6rORjERbn0xR8JABkxsB6F
UkEqu+eiA5T6oPIvyISkiyar8toXhxUTzAba/Mv1xc9sVarGzRJIh/L5vey12Yv2
rgXaXm8iUdw6QOASZVybmyvudzHu2HQkx1Y7aVqgH8rZgsQyJBivq4dHJerBGqie
hRxBoGkhoiMALHz9bcnQ
=sj18
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.