search

haraka / Haraka

A fast, highly extensible, and event driven SMTP server
https://haraka.github.io
MIT License
5.02k stars 662 forks source link

check bounce and SPF plugins for IPv6 compat #1038

Closed msimerson closed 9 years ago

msimerson commented 9 years ago 
Jun 16 14:04:28 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [bounce] isa: yes, pass:single_recipient
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [data.headers] fail:from_match(null / onmicrosoft.com)
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [connect.geoip] received=207.46.100.111 country=US
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [bounce] isa: yes, pass:single_recipient, bad_rcpt, fail:empty_return_path
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [core] hook=data_post plugin=bounce function=empty_return_path params="" retval=DENY msg="bounce with non-empty Return-Path (RFC 3834)"
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [core] hook=deny plugin=karma function=hook_deny params="902" retval=OK msg=""
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [core] deny(soft?) overriden by deny hook
Jun 16 14:04:29 node haraka[74771]: [ERROR] [-] [core] invalid IP address: fe80::ed00:2143:1858:6733]
Jun 16 14:04:29 node haraka[74771]: [ERROR] [-] [core] invalid IP address: fe80::ed00:2143:1858:6733]
Jun 16 14:04:29 node haraka[74771]: [ERROR] [-] [core] invalid IP address: fe80::ed00:2143:1858:6733]
Jun 16 14:04:29 node haraka[74771]: [CRIT] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [core] Plugin bounce failed: Error: ipaddr: the address has neither IPv6 nor IPv4 format     at Object.ipaddr.parse (/usr/local/lib/node_modules/Haraka/node_modules/ipaddr.js/lib/ipaddr.js:410:13)     at SPF.check_host (/usr/local/lib/node_modules/Haraka/spf.js:158:26)     at /usr/local/lib/node_modules/Haraka/plugins/bounce.js:339:13     at Array.forEach (native)     at Plugin.exports.bounce_spf (/usr/local/lib/node_modules/Haraka/plugins/bounce.js:335:9)     at Object.plugins.run_next_hook (/usr/local/lib/node_modules/Haraka/plugins.js:371:28)     at Connection.deny_respond (/usr/local/lib/node_modules/Haraka/plugins.js:434:29)     at callback (/usr/local/lib/node_modules/Haraka/plugins.js:345:35)     at Plugin.exports.hook_deny (/usr/local/lib/node_modules/Haraka/plugins/karma.js:228:12)     at Object.plugins.run_next_hook (/usr/local/lib/node_modules/Haraka/plugins.js:371:28)     at Object.plugins.run_hooks (/usr/local/lib/
Jun 16 14:04:29 node haraka[74771]: [NOTICE] [8A8A5582-05F5-4BB9-AFE3-1FE4EC270B58] [core] disconnect ip=71.232.57.109 rdns="c-71-232-57-109.hsd1.ma.comcast.net" helo="[10.0.0.4]" relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=2.366
Jun 16 14:04:29 node haraka[74771]: [INFO] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [bounce] Valid bounce originated from 66.128.51.178
Jun 16 14:04:29 node haraka[74771]: [ERROR] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [core] bounce plugin ran callback multiple times - ignoring subsequent calls
Jun 16 14:04:29 node haraka[74771]: [ERROR] [0FD2113E-A637-4D85-B5E5-1346E0B63093.1] [core] Error     at callback (/usr/local/lib/node_modules/Haraka/plugins.js:317:34)     at run_cb (/usr/local/lib/node_modules/Haraka/plugins/bounce.js:332:16)     at /usr/local/lib/node_modules/Haraka/plugins/bounce.js:365:32     at mech_chain_caller (/usr/local/lib/node_modules/Haraka/spf.js:311:24)     at /usr/local/lib/node_modules/Haraka/spf.js:354:52     at mech_chain_caller (/usr/local/lib/node_modules/Haraka/spf.js:311:24)     at SPF.mech_ip (/usr/local/lib/node_modules/Haraka/spf.js:641:20)     at mech_chain_caller (/usr/local/lib/node_modules/Haraka/spf.js:327:33)     at /usr/local/lib/node_modules/Haraka/spf.js:330:9     at asyncCallback (dns.js:68:16)     at Object.onanswer [as oncomplete] (dns.js:147:9)

Maybe just need to pre-validate, or use try / catch to better handle this.

smfreegard commented 9 years ago

The SPF plugin shouldn't be an issue because of the way the ipv6 addresses are parsed. The bounce_spf stuff though yeah - I thought I'd been careful with the regexps, but I guess not. Do you happen to have the headers of that message?

msimerson commented 9 years ago

Do you happen to have the headers of that message?

Only the ones I saved in ES, which are not likely the ones you want:

"From": "<postmaster@frgi.onmicrosoft.com>"
"To": "<K*****tt@s******s.com>"
"Subject": "Undeliverable: cabana Beverage"
smfreegard commented 9 years ago

Yeah - I need the Received headers. Surprised you don't store the whole set of headers in ES in one big field (I'm doing that here).

smfreegard commented 9 years ago

Actually - I just realised; that wouldn't help anyway - the Received headers in this case would be in the message body of a MIME part as we're talking about a bounce.

msimerson commented 9 years ago

Indeed. My intent is to (when I find time) introduce a test case that exercises this.

smfreegard commented 9 years ago

I think this a much better regexp than my original:

^Received:.*[\[\(](\d+\.\d+\.\d+\.\d+|[a-fA-F0-9]+:{1,2}[a-fA-F0-9:]+)[\]\)]

msimerson commented 9 years ago

I think this a much better regexp than my original

I think your received parsing regexp should go in utils, where it could get covered by a nice variety of Received headers. The utils version should replace the regexp in connect.geoip that also parses Received headers. A future data.headers function that checks for a Network Level Consistent path (the from-domain of the current Received: header belongs to the same network prefix as the by-domain of the previous Received: header) would also use it.

Dexus commented 9 years ago

PR #1120

Dexus commented 9 years ago

I think also the regexp should go in the utils. @msimerson will you do the take it to the utils?