Mailing List Archive

NULL characters in SMTP command - random errors
Since upgrading to 4.90-1 every so often we get log messages of the following form

2018-03-14 12:15:05 SMTP syntax error in "RCPT TO:<xxx?xxx@cranfield.ac.uk>" H=mail-wm0-f46.google.com [74.125.82.46] I=[138.250.49.234]:25 NULL character(s) present (shown as '?')
2018-03-14 23:25:04 SMTP syntax error in "RCPT TO:<XXXXXXX@cra?field.ac.uk>" H=mail-qk0-f181.google.com [209.85.220.181] I=[138.250.49.234]:25 NULL character(s) present (shown as '?')
2018-03-09 10:56:00 SMTP syntax error in "R?PT TO:<XXXXXXX@cranfield.ac.uk>" H=mail-yb0-f193.google.com [209.85.213.193] I=[138.250.49.234]:25 NULL character(s) present (shown as '?')
2018-03-07 10:21:52 SMTP syntax error in "BD?T 27127 LAST" H=mail-it0-f66.google.com [209.85.214.66] I=[138.250.49.234]:25 NULL character(s) present (shown as '?')


(I have masked the actual email addresses)

So NULLs suddenly appear anywhere in the SMTP command, sometimes in the email address, sometimes the verb etc. In every case the NULL is a replacement for a real character not additional. When Exim sees these it returns a 501 so if this is part of a RCPT command the sender gets an NDR. It appears they are only coming in RCPT and BDAT commands but that may be coincidence. There are not a huge number - it seems to be between 2 and 10 a day. However all seem to be from google servers, although from several different ones.

Unfortunately Exim is not the only change that has occurred with this upgrade - we were previously running on old hardware and took the opportunity to change hardware (actually we went virtual), OS version and Exim version. However the error does occur on both our inbound servers. Our outbound server (which has been virtualised for a long time) has not yet been upgraded.

I did try disabling chunking on one of the servers but the errors still appeared.

It does appear that one other person has seen this but they have posted on stack exchange rather than emailing the list. In their case there are also issues with EHLO from non google servers but we have not seen this.

https://unix.stackexchange.com/questions/428884/random-null-characters-present-error-in-exim


I realise this will be difficult to track down but am at a loss where to even start really! All suggestions gratefully received. Would debug provide any more information? I think we have too much mail to run the whole daemon in debug mode for any length of time but it might be possible to run -dd if this error is actually seen in the main daemon which seems to be the case.


For a workaround it would be useful if the 501s could be turned into 4xx as at least that would mean people didn't get inaccurate NDRs (although this is obviously against SMTP standards). The string is hardcoded in smtp_in.c (around line 5676) so I'm wondering if I just need to change the 501 there - it doesn't seem to me that it should affect anything else but I am very far from being an expert on the code?


Version details

exim -bV

Exim version 4.90_1 #6 built 19-Feb-2018 15:25:37
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq iconv() OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz
Authenticators: cram_md5 tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /software/exim/run/configure


uname -a

Linux mailgate-3 3.10.0-693.21.1.el7.x86_64 #1 SMP Fri Feb 23 18:54:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


more /etc/redhat-release

Red Hat Enterprise Linux Server release 7.4 (Maipo)

--
---------------------------------------------------------------------------------------------------------
Jonathan Haynes
Senior Network Specialist

IT Department, Tel: 01234 754205
Bld 63, e-mail: J.Haynes@Cranfield.ac.uk
Cranfield University,
Cranfield,
Beds, MK43 0AL



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: NULL characters in SMTP command - random errors [ In reply to ]
On Thu, Mar 15, 2018 at 11:30 AM, Haynes, Jonathan via Exim-users <
exim-users@exim.org> wrote:

> Since upgrading to 4.90-1 every so often we get log messages of the
> following form
>
> 2018-03-14 12:15:05 SMTP syntax error in "RCPT TO:<xxx?xxx@cranfield.ac.uk>"
> H=mail-wm0-f46.google.com [74.125.82.46] I=[138.250.49.234]:25 NULL
> character(s) present (shown as '?')
> 2018-03-14 23:25:04 SMTP syntax error in "RCPT TO:<XXXXXXX@cra?field.ac.uk>"
> H=mail-qk0-f181.google.com [209.85.220.181] I=[138.250.49.234]:25 NULL
> character(s) present (shown as '?')
> 2018-03-09 10:56:00 SMTP syntax error in "R?PT TO:<XXXXXXX@cranfield.ac.uk>"
> H=mail-yb0-f193.google.com [209.85.213.193] I=[138.250.49.234]:25 NULL
> character(s) present (shown as '?')
> 2018-03-07 10:21:52 SMTP syntax error in "BD?T 27127 LAST" H=
> mail-it0-f66.google.com [209.85.214.66] I=[138.250.49.234]:25 NULL
> character(s) present (shown as '?')
>
>
> (I have masked the actual email addresses)
>
> So NULLs suddenly appear anywhere in the SMTP command, sometimes in the
> email address, sometimes the verb etc. In every case the NULL is a
> replacement for a real character not additional. When Exim sees these it
> returns a 501 so if this is part of a RCPT command the sender gets an NDR.
> It appears they are only coming in RCPT and BDAT commands but that may be
> coincidence. There are not a huge number - it seems to be between 2 and 10
> a day. However all seem to be from google servers, although from several
> different ones.
>

Check out https://bugs.exim.org/show_bug.cgi?id=2250
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: NULL characters in SMTP command - random errors [ In reply to ]
On 15/03/18 15:30, Haynes, Jonathan via Exim-users wrote:
> Since upgrading to 4.90-1 every so often we get log messages of the following form
>
> 2018-03-14 12:15:05 SMTP syntax error in "RCPT TO:<xxx?xxx@cranfield.ac.uk>" H=mail-wm0-f46.google.com [74.125.82.46] I=[138.250.49.234]:25 NULL character(s) present (shown as '?')

bugs.exim.org/show_bug.cgi?id=2250

Fix currently being live-tested; tell me if you want a copy of the
patchset. It's not pushed to public git yet.

Workaround: disable pipelining.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: NULL characters in SMTP command - random errors [ In reply to ]
On 15 Mar 2018, at 15:54, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
> Fix currently being live-tested; tell me if you want a copy of the
> patchset. It's not pushed to public git yet.
>
> Workaround: disable pipelining.

Have said as much in answer to the Stack Exchange question.

Graeme


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/