[tpop3d-discuss] SSL and 7BIT enconding
Jens Liebchen (ppp-design)
jens at ppp-design.de
Mon, 27 Oct 2003 16:49:43 +0100
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig95A86665A33131654C8BBEB5
Content-Type: multipart/mixed;
boundary="------------080306010209040503060202"
This is a multi-part message in MIME format.
--------------080306010209040503060202
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dave Baker wrote:
Hi Dave,
> If the email doesn't contain any sensitive information would you be able
> to provide us/me a copy of it so I can drop it in my own mail spool and
> see if your mail causes the same problem on my system. That may help
> determine if we actually have the same problem, or different problems that
> exhibit similar behaviours.
After an hour of investigation, it seems to be excatly the same problem
you have talked about some weeks ago. The OS here is Linux 2.4.20-20.7
(Redhat Kernel Sources) and openssl is 0.9.6b-35.7.
I have tracked down the problem to one single mail, which is attached. I
have anonymized every IP and hostname appearing in the header. Without
SSL everything is running fine. When you are using SSL and you fetch the
message twice, the second attempt ist aborted with "read:errno=0" on the
client side.
So, conclusion: Somehting really strange is happening here: If this mail
appears twice in your inbox or another similar second message is there,
you are unable to fetch fetch these mails encrypted. I am not sure, what
excatly is the error, but maybe it has to do with the strange encoding
used ("7BIT"). It seems to be definitly a tpop3d or openssl bug and
should be fixed ASAP, because this can lead to a DoS of the affected
mailbox. Hopefully somebody more familiar with openssl and tpop3d than
me can now find the exact problem, as we have now a good example message.
BTW: This has happend 3 times here know in the last weeks, but I thought
the mailboxes got corrupted and have not investigate this strange thing
before.
BTW2: Thx Dave, for the openssl s_client trick :-)
Cheers,
Jens Liebchen
ppp-design
--
ppp-design
http://www.ppp-design.de
Public-Key: http://www.ppp-design.de/pgp/ppp-design.asc
Fingerprint: 5B02 0AD7 A176 3A4F CE22 745D 0D78 7B60 B3B5 451A
--------------080306010209040503060202
Content-Type: text/plain;
name="tpop3d-ssl-mail"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="tpop3d-ssl-mail"
>From aaaaaaaaaaa@aaa.de Mon Oct 27 13:44:00 2003
Return-Path: <aaaaaaaaaaa@aaa.de>
Delivered-To: aaaa@aaaaaaaaaaaaaaa.de
Received: from aaaaaaaaaaaaaaaaaaaaaaaa.de (aaaaaaaaaaaaaaaaaaa.de [123.123.123.1])
by aaaaaaaaaaaaaaaaa.de (Postfix) with ESMTP id C0BFF36D47
for <aaaa@aaaaaaaaaaaaaaa.de>; Mon, 27 Oct 2003 13:43:56 +0100 (CET)
Received: from aaaaaa (aaaaaaaaaaaaaaaaaaaaa.de [123.123.12.1])
by aaaaaaaaaaaaaaaaaaaaaaaa.de
(iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
with ESMTP id <aaaaaaaaaaaaaa@aaaaaaaaaaaaaaaaaaaaaaaa.de> for
aaaa@aaaaaaaaaaaaaaa.de; Mon, 27 Oct 2003 13:38:24 +0100 (MET)
Received: from aaaaaaaaaaaaaaaaa.de ([123.123.1.1])
by aaaaaa (MailMonitor for SMTP v1.2.2 ) ; Mon,
27 Oct 2003 13:38:23 +0100 (MET)
Received: from aaaaa (aaaaaaaaaaaaaaaaaaaaaa.de [123.123.12.3])
by aaaaaaaaaaaaaaaaa.de (8.12.10/8.12.7-1) with ESMTP id h9RCcMsU027585 for
<aaaa@aaaaaaaaaaaaaaa.de>; Mon, 27 Oct 2003 13:38:22 +0100 (MET)
Received: by aaaaa (Postfix) id D692117A19; Mon,
27 Oct 2003 13:38:23 +0100 (CET)
Received: from aaaaaaaaaaaaaaaaaaaaaaaa.de
(aaaaaaaaaaaaaaaaaaa.de [123.123.1.123]) by aaaaa (Postfix)
with ESMTP id 669AF17A00 for <aaaa@aaaaaaaaaaaaaaaa.de>; Mon,
27 Oct 2003 13:38:23 +0100 (CET)
Received: from aaaa (aaaa [123.123.123.1]) by aaaaaaaaaaaaaaaaaaaaaaaa.de
(iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
with ESMTP id <aaaaaaaaaaaaaa@aaaaaaaaaaaaaaaaaaaaaaaa.de> for
aaaa@aaaaaaaaaaaaaaaa.de (ORCPT aaaa@aaaaaaaaaaaaaaaa.de); Mon,
27 Oct 2003 13:38:21 +0100 (MET)
Received: from aaaaaa.aaaaaaaaaaa.de ([123.123.1.2])
by aaaa (MailMonitor for SMTP v1.2.2 ) ; Mon, 27 Oct 2003 13:38:20 +0100 (MET)
Received: from aaaaaaaa.aa ([123.123.123.123])
by aaaaaaaaaaaaaaaaaa.de (8.12.10/8.12.7/1) with SMTP id h9RCbuJO009606 for
<aaaa@aaaaaaaaaaaaaaaa.de>; Mon, 27 Oct 2003 13:38:08 +0100 (MET)
Date: Tue, 28 Oct 2003 03:37:17 +0000
From: "aaaaaaaaaaaaaa" <aaaaaaaaaaa@aaaaaa>
Subject: *****SPAM***** osuqfecaxc
To: aaaa@aaaaaaaaaaaaaaaa.de
Message-id: <def001c39d04$0486f929$3f39e063@lcyladc>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-type: text/html
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
Delivered-to: aaaa@aaaaaaaaaaaaaaaa.de
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on circe
X-Spam-Level: **********
X-Spam-Status: Yes, hits=10.8 required=6.0 tests=BANG_EXERCISE,
FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_90_100,
HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,
HTML_TAG_BALANCE_BODY,HTML_TAG_BALANCE_HTML,MIME_HTML_NO_CHARSET,
MIME_HTML_ONLY,PENIS_ENLARGE,USERPASS autolearn=no version=2.60
X-Spam-Report: * 1.2 BANG_EXERCISE BODY: Talks about exercise with an
exclamation! * 1.1 PENIS_ENLARGE BODY: Information on getting larger
penis/breasts * 0.3 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body"
tags * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 HTML_FONT_BIG
BODY: HTML has a big font * 0.4 HTML_TAG_BALANCE_HTML BODY: HTML has
unbalanced "html" tags * 0.1 MIME_HTML_ONLY BODY: Message only has text/html
MIME parts * 0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as
background * 1.1 HTML_90_100 BODY: Message is 90% to 100% HTML * 0.1
HTML_FONTCOLOR_RED BODY: HTML font color is red * 0.7 MIME_HTML_NO_CHARSET
RAW: Message text in HTML without charset * 3.1 USERPASS URI: URL contains
username and (optional) password * 1.1 FORGED_OUTLOOK_HTML Outlook can't send
HTML message only * 1.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this
format
<html>
<body><kqvfnvdbjtaio>
<kmolxqmbxdi><center><koexirpdcpox>
<table width="580" border="0"><ksffwlwdymp>
<td>
<kdenzpeoxohsg><center><keewakthoqvdbhh><font face="Verdana" size="+1"><knolxuhdplthsm>
<b><klittigdtanlbx>T<kaaesacxatoyjc>her<kquqcfrbkfary>e i<kgsltmfchbimktc>s n<kfjbkcacwolyhwc>o ot<kgwmzrbddnkk>he<kicsuindybzlxv>r w<kdqwvzacjdavyz>ay to e<kppgenvdbou>n<kzfifjucaaldrm>la<kieyfsxcvmxqezc>r<kbdvmgqcbtgs>g<kvvntuyffdgjx>e
y<kqomwkpbueupcn>o<kntkzfudnlbvxub>u<kcwvmbiepxhpxee>r p<kdqvkfycildku>en<kubgmprbgwdtchj>i<klluhaqcsuqu>s.<kjznwjxbdfe>.<kppgnfobocg>.<kdadejvmxsjfc></b><kpuibazdtgqnoqb><br>
<font face="Arial" size="-2">P<koodnwxdeslkbrc>le<kxdhumfcwgsph>a<kdwqclybnctahtb>s<kokbaepbvvlgrcc>e <kbegijlbcqpgs><font color="#FF3333">S<kawgmuocvzbsuz>T<katvctrbaae>O<ktwnxqmchssdncd>P</font><font
face="Verdana"><kcwifukbubv> a<ktpquypccean>n<khandypbsdud>d r<knlmpcjbxziqbv>ea<kkicjsuccnjb>d i<kolowhlbacs>f y<kiouwlgkotp>ou a<kahkmpydwqrnb>r<kuziepgbknkjd>e s<kwzvcjqbpgwxltc>e<kpxblfhbkcwdgoc>ri<kyzxdyocjwuy>ou<kxtxqkxcnzp>s<kccwmwibjqlxzxd>
a<kokgsckbcckgs>nd in<kqucpdxdceesde>te<kjxijbudsbxahld>re<kflaaqubapn>st<kbelktazungq>e<koexirkzybzr>d i<krcapgdbbrko>n g<kuxazmgblqw>ai<kiryzlgdwdpmp>ni<keoslymcmxjbv>n<knbnppscnvv>g l<kzehxcqcxlb>e<kalcpneboflbro>n<kmdnrtybnjxkd>g<kfdbemsdoydqxvc>t<kaqcnegdltv>h
an<kgrijkcdrhscu>d w<kioruwnmjxevn>id<kpiognecxdbbdzd>t<kcbosphbyhcaw>h t<kbpsugbbrck>o y<kyvnacpawzhblfc>ou<kvlbzhsddrwjkb>r p<kqvzsllcpvbg>e<kfnbcweqhdg>n<katrtztryhojs>i<kopmcrhdgffefsb>s<kjbionkbptxwf>!<klbtvwobmxbpgc>
</table><kmisqjkcvuomd><font color="#FFFFFF">rrppcabsgritd nvqepzshocxvk</font><kaiiqubvsdqvdc><br>
<kefuibbcwnge><table width="580" border="0"><td><kzkjefwvuil></center><ktprygnbsxgn>
<font face="Arial"><b>S<kbdcjzrcyzhsmj>to<kovdiqubelywxyd>p b<kutsiprbqoocfvh>uy<klicfycmxvnpqc>in<kifilticqnxdmwb>g p<kyzhujacdkp>um<kesdtukcmkaz>ps a<kcarpbbijdmvu>nd d<kgiqhwdivjk>oi<kgfbmtxbhoeelyv>n<kexuzmwcuraumux>g
u<kqojhmbcdltl>se<kxhhwcacymfyknb>le<kwvhpznbyswwb>s<kfsqumtdywto>s ex<kiyhblwbktqhsq>er<kbbfatxcfxnjc>ci<kjplcwgbxzry>se<ktjkxzpbfshzqcd>s<krcxlhfcnru>!<kmzwftdcmxg></b><kxlzudzdmxumll><br>
<kcsdptpdaes>Th<kgtkejjbobopkf>es<kcwewijbxruymr>e m<kcjbzeecrcb>et<kvvanlnckumzr>ho<koinjxebthg>d<krycsdocoahsymc>s w<kqxlaxibvwgjo>il<kmganmkbyegeivd>l n<kbhiskecvulee>ot w<kywyvuxfjruv>or<klvzopiwozqlgd>k i<kjqhxvncxsth>n a
<kcrpyuqdhbnf>mi<kmptmazbzvqgcv>ll<kahwjrbbymzrfh>io<krkwttqbsqodgh>n y<kbwirevcsvqwh>ea<konpzmpqwmg>rs<ktoqzohjjdnzh>.<kwbfpsectyvlxwc>.<kcumkblufimv><br><br>
O<kosbtmkbgoloffo>u<kqiescsbytbhfa>r p<kartbaadsufbms>i<kbfhwpbcpgbdeg>l<kwrwyjxdzqp>l<kdryuqkcitslym>s<kxvpfjxdjreabf> o<klumikrcewmk>r pa<kpmyzjlsmgr>t<kaercmvcfsssuad>c<kckiknvsluogsdy>h<kxofizocmkpbr>e<kibezqscbawkz>s<ksosvewxvout> w<kgbqcaqcmblwqqc>i<kjlkyqjukzif>ll<kwekraablabppvd>
d<kgehttydyqot>o a<kqeairkdyvhcenc>ll<kzrpaancuzsnbp> th<kfttdesdawmcm>e w<kxmdrmcdpwc>or<kvmkxutdulsu>k f<kplpjrqbclesjg>or y<ktwsuarlbrssdes>ou<kwpggnuborfan>. P<kerpyfqbaxaef>lu<keogqhqdarh>s t<ktlifcdsmmul>o t<kzvdabtckshb>o<kxfnvpacibvp>p i<klzadwidnelg>t
o<knshjovcdeveexd>f<klcnxvpckqm>f<kncfzocbqye>,<kfqrlgdvoghaqh>
i<kkkvlltcwtylfvd>f y<kmtusqhbjbzek>ou<klklccwetepn> a<kruqwebtzyojfjd>r<kppuzvdrzxtgo>e n<kymtwdbzymgbf>o<klkhuqpcmpmebs>t<br> s<kzigthsdncg>at<klfgxxhbngiep>is<kdozsybdfbvpssb>fi<kphltjwaknig>e<krmnulvzmmnhxq>d w<kvifbqlxaic>it<kaisqewbglp>h
a<ketimxkbtgoc>ny<kpxceswjkizavcp> o<kqhfsxgswqc>f o<klziptdfwumth>ur <kvaowdwoewibpc>p<krpcbkzbjhnn>r<kmslnfxbmbb>o<kwqtyflblrn>d<kwikgwkclxs>u<kuxqwqlciuojsi>ct<kdlrbtbczehrkb>s<kfmkbxsgpxgq>,<kodpnctojgfrmj> <kfwvesnbsxtdag>s<ktxquwubyrl>im<kbavinkbumkqzrb>pl<kesqaagbbjfk>y
c<kkgntgxspyhw>on<khktntdkiogjl>ta<kgtuxfxdbhg>c<kgsdjjbrjciw>t<kbpgtuhlsyp> <khkvsvbdvzfdqfd>u<klksyhgboqcpcf>s f<kygtbnmczinxr>o<knyezeqclsufm>r a <kraxqoacikoxp><b><kbdhbzfsqduend>1<kfstdrccact>0<kafapibbiogz>0<klopjdtdzthvvzd>%<kvlwujdhvgoeac>
<kksjebecgxa>r<kpgrruhbifyrz>e<kqnohfddkynw>f<kwkmgdkdmfnxlv>u<kwwlrrxdfoxml>n<kjmpxqectvu>d.<kofhxtipoywp></b><kgtsdwsdotk></td><kwgytwnbmbfikv>
</table><kkhaoppcnruk>
<font color="#FFFFFF">pyjvwqbavc zqzsvibjadqp</font>
<kloljsmdlymtfj><table width="580" border="0"><kurbeurcnjmnl>
<td><kzglogfvukfofdw><center><kitnxpgxldxjc><font face="Verdana" size="+1">
<kchaaupdvusgmpc><a href="http://ojolecdvhr@informatix.us/info/p/"><kxmttcycyutkwz>
<kojfmldbhifqtgc>-<kptcigkdjei>-<klkbvogmhvm>><kaqdeccqymgfr> L<knibaeodkcw>e<knysudwbbluo>a<kqlorcecsfw>r<kbcrcjfdoot>n<kvhshwcdmqhx> m<kaxbahhbxkt>or<kfiuqrfddvz>e a<kpewkpichfor>bo<kfjwocwdfnmuhm>u<kbobgqdjeonopcc>t
<keunfgbfhprux>p<kreoclbdiek>e<kdjpkxidfpbjxcb>n<kgsntevhouudgcq>i<kskthymcmcsaeh>s <kfuqqjacmcxwho>p<kfwgblmxvskbzbj>a<kzifisbcieb>t<kthcnrcbzxtatw>c<kmhwhfjfrbhfncy>h<kbaayyydzxfytub>e<kktlbqfbwvu>s<kogwqmgbxpcxo>
<keanskauwsix>h<kwhuqcaeqyd>e<keqlibxcrcbgifv>r<kqavkkldrdjxvab>e<kdrtiqqblok>.<khuiqlgcvuypys>.<khlmmcrbiui>.<kjqrsqugwcqyg>.<kpzhlusdbbsrcw>.<kpgczdqdzcp>.<kvfoiqxduqa> <kjouguobwlu><<kgjblcwpgthhbdi>-<kiienviuqyeapdj>-<kncwgbadmtpdc></a><kljxzivdzdetld></td><khuoebibhihqd><tr>
<td><center><font face="Verdana" size="+1">
<a href="http://fjnfaevucwpvd@informatix.us/info/v/"><ktzdqnfcyyslook>
<kuwhiplcrvkn>-<kfgsydqcmbm>><klhkeenchuuotud> <kmvstqqocnq>L<ksglpklbtsqrx>e<ktyeweabrhamug>a<kbpwrtibtvxhbr>r<kgkmppgbtudjb>n<kvjfdztdfao> <kxokocmshefjft>m<kllaitndslwe>o<kebyimrcaunabs>r<kvxdnlhcopv>e<kbfenpgbomaij>
<kkvcuzddbdwr>a<kpdwbmedozddehd>b<kuyatzhblxwug>o<kbrwmpnyzrymqdp>u<keagwhfcexbyw>t<kjsovwjdducy> <krlqgekcppacktd>h<knoyddkbtkvks>e<kgfdnodnbyt>rb<kyzzekadcyviq>a<kpgoxzgezmvx>l<ktdrwbvdhimxnq> <kifggsdbicbvqj>p<kxodeoecjnbhbnd>e<kvzrkkkdmsnomt>n<kygjlgkaonmtdn>i<kkshwekbryiot>s<kxtllxsdzwopov>
<kvgyjzvdgjbn>p<kradrecdfxcsotd>i<knxuzrmccnkyg>l<ksgcaarcuuz>l<kpdvthscxzot>s<kzhjqckblxxllgl> <kbngkbyxklbixcf>h<ktdnqfrcotkwf>e<kopgflkbtbps>r<krgxkbeujlfw>e<kaeceybesmyzlb>.<kixmkdmdunnpvv>.<kmtlhmqdkxanmpb>
<kuzgrpuoiarilbk><<kuzyyjbdzihb>-<kxfltkuduag></a></td><kpzpvtrcfkzhw></table><kissjbqddkkswhc>
<kjplylqbvkn><font color="#FFFFFF">nifboabmtueh rrybqcbefqk</font><krhugylchsl><p><kfuwvztgjyrm><p><kvqmnizctup>
<kvlbuwsbfwnfieb><font face="Arial" size="-2"><a
href="http://ilamvidhovgpp@informatix.us/info/out.html"><knvcjqibukafwwe>U<kohsyfbbjoyiuu>n<ksydsdzclbc>s<ksrzxkkpynzjs>u<kqpehdhlumprhce>b<kzkkfxbddeao>s<knsntmqctxuvt>c<kibkzrkdssrl>r<khfnjqavauze>i<kghiudwdsloep>b<kkoqhswdybr>e<kempfoedayhdzgb>
<khifsipecuarbze>m<kdconumchoqpgm>e<kjxmfbjccnrq> <knsphsnbappfd>p<kmxqdnpbjflgbdp>l<kgzvmpydhahycyb>e<kpgfhtlbuvhk>a<kwmnbhybnxdqo>s<kevugwbdjhdfaa>e<ktmevtsdcabfjjc>.<kidjhfabxmbqth></a><kibkmtibcjh></font>
--------------080306010209040503060202--
--------------enig95A86665A33131654C8BBEB5
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/nT6bDXh7YLO1RRoRArO5AJoC53M4neAblKI3Oeifviul9MowuACg4TcK
IymL0qNfi80SDGNPl+6F1DI=
=RVV9
-----END PGP SIGNATURE-----
--------------enig95A86665A33131654C8BBEB5--