Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Qmail::Deliverable checking of recipient address with dots #313

Open
greycat70 opened this issue Nov 4, 2023 · 0 comments
Open

Qmail::Deliverable checking of recipient address with dots #313

greycat70 opened this issue Nov 4, 2023 · 0 comments

Comments

@greycat70
Copy link

I'm using qpsmtpd 1.0 and Qmail::Deliverable 1.07. If a spammer sends mail to an address at my domain whose local part contains multiple dots in a row, this address is accepted by qpsmtpd, resulting in a bounce message (backscatter or joe-job problem) after the message cannot be delivered locally.

Qmail's bounce looks like this:

Hi. This is the qmail-send program at greg.wooledge.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
[email protected]:
Sorry, no mailbox here by that name. (#5.1.1)

The qpsmtpd log looks like this:

2023-11-04 14:56:33.471497500 740579 dispatching RCPT TO:<"zl5bsa9pgfixz..."@wooledge.org>
2023-11-04 14:56:33.472074500 740579 (rcpt) badrcptto: skip, empty config
2023-11-04 14:56:33.472328500 Invalid address: [email protected] at /usr/local/share/qpsmtpd/plugins/qmail_deliverable line 147.
2023-11-04 14:56:33.472329500 740579 (rcpt) qmail_deliverable: error (unknown) checking '[email protected]'
2023-11-04 14:56:33.472711500 740579 (rcpt) rcpt_ok: pass: wooledge.org in rcpthosts
2023-11-04 14:56:33.472810500 740579 250 [email protected], recipient ok

The relevant piece of plugins/qmail_deliverable looks like this:

my $rv = deliverable $address;

if (not defined $rv or not length $rv) {
    $self->log(LOGWARN, "error (unknown) checking '$address'");
    return DECLINED;
}

I think the relevant part of Qmail::Deliverable is this:

sub deliverable {
my ($in) = @_;
my ($address) = lc($in) =~ /$valid/
or do { carp "Invalid address: $in"; return; };

where $valid is a regular expression that these addresses containing consecutive dots do not conform to. So, deliverable generates an error because the address is malformed, qpsmtpd sees an error and decides not to trigger a DENY, the message is accepted, and a backscatter bounce is generated.

I can't tell whether this is an issue in qpsmtpd or in Qmail::Deliverable. It's not a frequent issue at my domain, fortunately, but it would be nice if I could put a stop to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant