
Received: header not RFC2821 compliant?
Hi,

One of our users forwarded a message that they received from Spamcop
today saying that the Received: headers coming out of our Exim
installation weren't in compliance with RFC2821.

The user was apparently forwarding a piece of spam to Spamcop, and
Spamcop couldn't parse the Received headers correctly.

Specifically, Spamcop sent this warning:

The Received header is not being created properly by your MTA. From
RFC2821:

Stamp = From-domain By-domain Opt-info ";" FWS date-time
From-domain = "FROM" FWS Extended-Domain CFWS
Extended-Domain = Domain /
( Domain FWS "(" TCP-info ")" ) /
( Address-literal FWS "(" TCP-info ")" )
TCP-info = Address-literal / ( Domain FWS Address-literal )
; Information derived by server from TCP connection
; not client EHLO.

So, the line is *supposed* to look something like this:

> Received: from your-w92p4bhlzg ([12.246.204.28])
> by iglou.com with smtp (Exim 4.05) id 17PrkX-0003Wo-00;
> Wed, 03 Jul 2002 17:33:21 -0400

Is this legitimate or is Spamcop taking a too literal reading of RFC2821?
I glanced through it, but those RFC syntax definitions make me ill. :)

Regards,

Dean Brooks
dean@iglou.com
Re: Received: header not RFC2821 compliant?
Thursday, July 04, 2002, 5:22:32 PM, you wrote:

> The Received header is not being created properly by your MTA. From
> RFC2821:

> So, the line is *supposed* to look something like this:

> > Received: from your-w92p4bhlzg ([12.246.204.28])
^^^^^^^^^^^^^^^
> > by iglou.com with smtp (Exim 4.05) id 17PrkX-0003Wo-00;
> > Wed, 03 Jul 2002 17:33:21 -0400

The Received-Header looks quite ok. What may be wrong is the marked
line - this is not a FQDN, but an unqualified host, which, according
to RFC 2821 MUST NOT appear in a SMTP-header.

--
mbs GmbH | http://www.mbs-software.info
Jochen Erwied | mailto:Jochen.Erwied@mbs-software.info
Roemerstr. 15 | phone: +49-2151-7294-0
47809 Krefeld | fax: +49-2151-7294-50
Re: Received: header not RFC2821 compliant?
On Thu, 2002-07-04 at 16:22, Dean Brooks wrote:
> One of our users forwarded a message that they received from Spamcop
> today saying that the Received: headers coming out of our Exim
> installation weren't in compliance with RFC2821.

> Stamp = From-domain By-domain Opt-info ";" FWS date-time
> From-domain = "FROM" FWS Extended-Domain CFWS
> Extended-Domain = Domain /
> ( Domain FWS "(" TCP-info ")" ) /
> ( Address-literal FWS "(" TCP-info ")" )
> TCP-info = Address-literal / ( Domain FWS Address-literal )
> ; Information derived by server from TCP connection
> ; not client EHLO.

They missed the first line of the BNF... which is pretty silly. That is
taken from RFC2821. However it looks to me as though the RFC is *very*
badly written here, especially when taken with 822/2822 - ie mandating
the content of comments. Further up the comments don't sit well with
the BNF descriptions.


> So, the line is *supposed* to look something like this:
>
> > Received: from your-w92p4bhlzg ([12.246.204.28])
> > by iglou.com with smtp (Exim 4.05) id 17PrkX-0003Wo-00;
> > Wed, 03 Jul 2002 17:33:21 -0400

On Thu, 2002-07-04 at 16:34, Jochen Erwied wrote:
> The Received-Header looks quite ok. What may be wrong is the marked
> line - this is not a FQDN, but an unqualified host, which, according
> to RFC 2821 MUST NOT appear in a SMTP-header.

and here we trip over ourselves :-
This line MUST be structured as follows:

- The FROM field, which MUST be supplied in an SMTP environment,
SHOULD contain both (1) the name of the source host as presented
in the EHLO command and (2) an address literal containing the IP
address of the source, determined from the TCP connection.

so that part has to be what the remote end gave you in the HELO/EHLO,
and technically you are not allowed to reject based on what you are
given there.

The received line on your original mail (added by exim.org - the first
received line appears to be a sendmail version number and an exim queue
id so it looks like you have been playing) was (rewrapped):-
Received: from team.iglou.com ([192.107.41.45] helo=iglou.com
ident=sendmail) by exim-colo-01.whoc.theplanet.co.uk
with esmtp (Exim 3.33 #4) id 17Q8RG-00034E-00
for exim-users@exim.org; Thu, 04 Jul 2002 16:22:34 +0100

So the stuff we put in comments is more extensive - and the first part
of the domain is not what we got from EHLO.

I'd say spamcop are being overly anal here....

Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@InTechnology.co.uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
Re: Received: header not RFC2821 compliant?
On 4 Jul 2002, Nigel Metheringham wrote:

[..]

> I'd say spamcop are being overly anal here....

Indeed, they only accept 'properly formatted spam' ??

So all a spammer has to do to prevent getting reported (at least via
spamcop) is make their headers not comply with spamcop's rules?

I remember getting some warning about some spam I submitted (exactly as
received, mind you) that had an HTML Mime-Type, but did not contain
HTML! I'm sorry, that's how the spammer sent it, why should it be a
problem for the person reporting it?

At least it was just a warning, and spamcop still took it, but the
documentation I was referred to suggested they might not accept it in
the future.
Re: Received: header not RFC2821 compliant?
On Thu, 4 Jul 2002, Dean Brooks wrote:

> The user was apparently forwarding a piece of spam to Spamcop, and
> Spamcop couldn't parse the Received headers correctly.
>
> Specifically, Spamcop sent this warning:
>
> The Received header is not being created properly by your MTA. From
> RFC2821:
>
> Stamp = From-domain By-domain Opt-info ";" FWS date-time
> From-domain = "FROM" FWS Extended-Domain CFWS
> Extended-Domain = Domain /
> ( Domain FWS "(" TCP-info ")" ) /
> ( Address-literal FWS "(" TCP-info ")" )
> TCP-info = Address-literal / ( Domain FWS Address-literal )
> ; Information derived by server from TCP connection
> ; not client EHLO.
>
> So, the line is *supposed* to look something like this:
>
> > Received: from your-w92p4bhlzg ([12.246.204.28])
> > by iglou.com with smtp (Exim 4.05) id 17PrkX-0003Wo-00;
> > Wed, 03 Jul 2002 17:33:21 -0400

I think they have overlooked the CFWS bits of those definitions. CFWS is
"comment or foldable white space".

So I claim that

Received: from abc (anything you like here) ....

is legal, because "abc" is a domain, which is also an extended-domain,
and "(anything you like here)" is CFWS. Basically, the "TCP-info" bit
achieves nothing.

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
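The two readings argued over in this thread (Spamcop's strict TCP-info grammar quoted in Dean's first post, and Philip's point that the parenthesised part is CFWS and may contain anything) can be put side by side in code. The following is an added example, not code from Exim, Spamcop or anyone on the thread: it approximates the RFC 2821 section 4.4 ABNF with regular expressions (IPv4 address literals only), applies both readings to the "from" clause of a Received: stamp, and pulls out what a log analyst wants from it, namely the name presented, the address literal taken from the TCP connection, and the helo= value that Exim's comment style carries (the helo= convention is taken from the Exim 3.33 stamp in Nigel's reply). The sample headers are the ones quoted in the thread, re-folded by hand.

```python
"""Strict (TCP-info) versus lenient (CFWS comment) parsing of the "from"
clause of a Received: header, after the RFC 2821 grammar quoted in the
thread.  Added example; the regexes are an approximation of the ABNF."""
import re

# Building blocks of the RFC 2821 grammar, approximated as regexes.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = rf"{_LABEL}(?:\.{_LABEL})*"                # one or more dotted labels
ADDRESS_LITERAL = r"\[(?:\d{1,3}\.){3}\d{1,3}\]"    # [a.b.c.d]; IPv6 omitted here
FWS = r"\s+"
# TCP-info = Address-literal / ( Domain FWS Address-literal )
TCP_INFO = rf"(?:{ADDRESS_LITERAL}|{DOMAIN}{FWS}{ADDRESS_LITERAL})"

# Strict reading (Spamcop's):
# Extended-Domain = Domain / ( Domain FWS "(" TCP-info ")" )
#                          / ( Address-literal FWS "(" TCP-info ")" )
STRICT_FROM = re.compile(
    rf"^from{FWS}"
    rf"(?:(?P<domain>{DOMAIN})(?:{FWS}\((?P<tcp_a>{TCP_INFO})\))?"
    rf"|(?P<literal>{ADDRESS_LITERAL}){FWS}\((?P<tcp_b>{TCP_INFO})\))"
    rf"\s*$",
    re.IGNORECASE,
)

# Lenient reading (Philip's): "FROM" FWS Extended-Domain CFWS, where a
# parenthesised run after the domain is a comment and may hold anything.
LENIENT_FROM = re.compile(
    rf"^from{FWS}(?P<domain>{DOMAIN}|{ADDRESS_LITERAL})"
    rf"(?:{FWS}\((?P<comment>[^()]*)\))?\s*$",
    re.IGNORECASE,
)


def from_clause(received: str) -> str:
    """Unfold a Received: header and return its leading "from ..." clause,
    i.e. everything before the " by " token that starts the By-domain."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", received.strip())
    unfolded = re.sub(r"^Received:\s*", "", unfolded, flags=re.IGNORECASE)
    match = re.match(r"^(from\s.*?)\s+by\s", unfolded, flags=re.IGNORECASE | re.DOTALL)
    if not match:
        raise ValueError("no 'from ... by' stamp found")
    return match.group(1)


def analyse(clause: str) -> dict:
    """Classify one "from ..." clause under both readings and extract the
    presented name, the TCP-derived address literal found in the comment,
    the Exim-style helo= value, and whether the name is unqualified (the
    point Jochen raised)."""
    strict = STRICT_FROM.match(clause)
    lenient = LENIENT_FROM.match(clause)
    result = {"strict": strict is not None, "lenient": lenient is not None,
              "domain": None, "tcp_literal": None, "helo": None, "unqualified": None}
    if lenient is None:
        return result
    domain = lenient.group("domain")
    comment = lenient.group("comment") or ""
    literal = re.search(ADDRESS_LITERAL, comment)
    helo = re.search(r"\bhelo=(\S+)", comment)
    result.update(
        domain=domain,
        tcp_literal=literal.group(0) if literal else None,
        helo=helo.group(1) if helo else None,
        unqualified=("." not in domain) and not domain.startswith("["),
    )
    return result


def check_header(received: str) -> dict:
    """Convenience wrapper: full Received: header in, analysis out."""
    return analyse(from_clause(received))


# Constructed samples, re-folded from the stamps quoted in the thread.
SAMPLES = {
    # The form Spamcop said the line is "supposed" to have.
    "spamcop": "Received: from your-w92p4bhlzg ([12.246.204.28])\n"
               "\tby iglou.com with smtp (Exim 4.05) id 17PrkX-0003Wo-00;\n"
               "\tWed, 03 Jul 2002 17:33:21 -0400",
    # Exim 3.33's own stamp from Nigel's reply: helo=/ident= inside the comment.
    "exim": "Received: from team.iglou.com ([192.107.41.45] helo=iglou.com\n"
            "\tident=sendmail) by exim-colo-01.whoc.theplanet.co.uk\n"
            "\twith esmtp (Exim 3.33 #4) id 17Q8RG-00034E-00\n"
            "\tfor exim-users@exim.org; Thu, 04 Jul 2002 16:22:34 +0100",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, check_header(header))
    # Philip's minimal case, passed as a bare clause.
    print("philip", analyse("from abc (anything you like here)"))
```

Run as a script it shows the disagreement concretely: Spamcop's "supposed" line passes both readings (and is flagged unqualified), Exim's richer comment fails the strict TCP-info grammar but is a perfectly good CFWS comment, and the connecting address literal is recoverable from the comment in both cases, which is what matters when tracing a message.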