clamav-milter: first try

admin
Posted: Sat Jul 29, 2006 2:44 pm    Post subject: clamav-milter: first try

I gave the new milter support in the new Postfix a try.
Lacking a better alternative, and being too lazy to understand
what all this stuff is about, I used clamav-milter, which
comes ready-packaged for Debian Linux.

For a test, I configured an extra smtpd line in master.cf,
as follows:


127.0.0.1:smtp inet n - n - - smtpd
  -o smtpd_milters=unix:/var/run/clamav/clamav-milter.ctl

I.e., the smtpd_milters parameter is set for this very instance of smtpd
only, not in main.cf.

Clean mail goes through OK. But infected mail (I used the EICAR test message)
results in cleanup dying with signal 11, which is SIGSEGV.

It's dying in vbuf_printf(), and back at the stack we see this:

(gdb) bt
#0 0x0807b699 in vbuf_print (bp=0x8096d68,
format=0x807ed85 "%s: %s: %s from %s[%s]: %s;", ap=0xbff3ace8 "")
at vbuf_print.c:206
#1 0x0807788a in vstring_vsprintf (vp=0x8096d68,
format=0x807ed85 "%s: %s: %s from %s[%s]: %s;",
ap=0xbff3acd8 "@o\t\b??\a\b\210?\a\b") at vstring.c:586
#2 0x0807784b in vstring_sprintf (vp=0x8096d68,
format=0x807ed85 "%s: %s: %s from %s[%s]: %s;") at vstring.c:576
#3 0x08052ba2 in cleanup_milter_apply (state=0x809b558,
event=0x807ee88 "END-OF-MESSAGE",
resp=0x809b410 "554 5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net") at cleanup_milter.c:1341
#4 0x08052d09 in cleanup_milter_inspect (state=0x809b558, milters=0x809b2f0)
at cleanup_milter.c:1373
#5 0x0804f793 in cleanup_flush (state=0x809b558) at cleanup_api.c:229
#6 0x0804a791 in cleanup_service (src=0x8097198,
unused_service=0xbff3bf89 "cleanup", argv=0xbff3b190) at cleanup.c:479
#7 0x08053273 in single_server_wakeup (fd=9) at single_server.c:256
#8 0x080533dc in single_server_accept_local (unused_event=1,
context=0x6 <Address 0x6 out of bounds>) at single_server.c:298
#9 0x0806de08 in event_loop (delay=-1) at events.c:606
#10 0x08053e0d in single_server_main (argc=7, argv=0xbff3b174,
service=0x804a534 <cleanup_service>) at single_server.c:715
#11 0x0804a91f in main (argc=7, argv=0xbff3b174) at cleanup.c:520

(gdb) frame 0
#0 0x0807b699 in vbuf_print (bp=0x8096d68,
format=0x807ed85 "%s: %s: %s from %s[%s]: %s;", ap=0xbff3ace8 "")
at vbuf_print.c:206
206 VBUF_STRCAT(bp, s);
(gdb) p s
$10 = 0x0

(gdb) frame 3
#3 0x08052ba2 in cleanup_milter_apply (state=0x809b558,
event=0x807ee88 "END-OF-MESSAGE",
resp=0x809b410 "554 5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net") at cleanup_milter.c:1341
1341 vstring_sprintf(state->temp1, "%s: %s: %s from %s[%s]: %s;",
(gdb) l
1336 text = resp + 4;
1337 break;
1338 default:
1339 msg_panic("%s: unexpected mail filter reply: %s", myname, resp);
1340 }
1341 vstring_sprintf(state->temp1, "%s: %s: %s from %s[%s]: %s;",
1342 state->queue_id, action, event, state->client_name,
1343 state->client_addr, text);
1344 if (state->sender)
1345 vstring_sprintf_append(state->temp1, " from=<%s>", state->sender);
(gdb) p state->queue_id
$11 = 0x8096f40 "75DBA7FD1"
(gdb) p action
$12 = 0x807ed3f "milter-reject"
(gdb) p event
$13 = 0x807ee88 "END-OF-MESSAGE"
(gdb) p state->client_name
$14 = 0x0 <===
(gdb) p state->client_addr
$15 = 0x0 <===
(gdb) p text
$16 = 0x809b414 "5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net"

(gdb) p *state
$17 = {attr_buf = 0x809aa60, temp1 = 0x8096d68, temp2 = 0x8096d20,
stripped_buf = 0xffffffff, src = 0x8097198, dst = 0x8094a70,
handle = 0x8099630, queue_name = 0x8096d98 "incoming",
queue_id = 0x8096f40 "75DBA7FD1", arrival_time = {tv_sec = 1153223451,
tv_usec = 643473}, fullname = 0x0, sender = 0x8097270 "mjt@corpit.ru",
recip = 0x809baf8 "mjt@corpit.ru", orig_rcpt = 0x0, return_receipt = 0x0,
errors_to = 0x0, flags = 262258, qmgr_opts = 0, errs = 8, err_mask = -1,
headers_seen = 33559680, hop_count = 1, resent = 0x807dced "",
dups = 0x8096db0, action = 0x804d58d <cleanup_extracted_process>,
data_offset = 459, xtra_offset = 1892, append_rcpt_pt_offset = 440,
append_rcpt_pt_target = 457, append_hdr_pt_offset = 2056,
append_hdr_pt_target = 973, rcpt_count = 1,
reason = 0x809b480 "5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net", attr = 0x8097300, mime_state = 0x0, mime_errs = 0,
hdr_rewrite_context = 0x807d2a7 "local", filter = 0x0, redirect = 0x0,
dsn_envid = 0x0, dsn_ret = 0, dsn_notify = 0, dsn_orcpt = 0x0,
verp_delims = 0x0, milters = 0x809b2f0, client_name = 0x0, client_addr = 0x0}

So, it looks like client_{addr,name} aren't initialized here for
some reason.

The whole rejection comes after the final \r\n.\r\n (when clamav-milter
acts), and smtpd writes out "4xx queue file write error".

Investigating further...

/mjt
admin
Posted: Sat Jul 29, 2006 2:45 pm

That is weird. Postfix initializes state->client_name and
state->client_addr while it simulates the connect/helo/mail_from
stages of the protocol:

void cleanup_milter_emul_mail(CLEANUP_STATE *state,
                              MILTERS *milters,
                              const char *addr)
{
    ...
    state->client_name = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_NAME);
    state->client_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_ADDR);

    client_port = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_PORT);
    proto_attr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_AF);
    if (state->client_name == 0 || state->client_addr == 0 || proto_attr == 0
        || !alldig(proto_attr)) {
        state->client_name = "localhost";
        state->client_addr = "127.0.0.1";
        client_af = AF_INET;
    } else
    ...

There is only one place where state->client_name/addr are set to zero.
And that is long before cleanup_milter_emul_mail() is called.

So one might conclude that there's a missing or reversed condition
somewhere so that Milter code does (not) run when it should. Can
you collect "cleanup -v" logging? That will show the Milter events
that it tries to handle.

Wietse
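
Added example, not part of either post and not Postfix code: a stand-alone C sketch of the failure mode in the thread, where a log line is formatted from string fields that may still be NULL. The struct, the function names, the "unknown" placeholder and the sample values are assumptions made for illustration; the fallback rule is a simplified form of the one in the quoted excerpt.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the CLEANUP_STATE fields used in the log line. */
struct demo_state {
    const char *queue_id;
    const char *client_name;    /* NULL until initialized */
    const char *client_addr;    /* NULL until initialized */
};

/* Never hand NULL to a %s conversion: substitute a visible placeholder. */
static const char *str_or(const char *s, const char *fallback)
{
    return s != NULL ? s : fallback;
}

/* Simplified fallback: if either attribute is missing, use loopback for both. */
static void demo_init_client(struct demo_state *st, const char *name,
                             const char *addr)
{
    if (name == NULL || addr == NULL) {
        st->client_name = "localhost";
        st->client_addr = "127.0.0.1";
    } else {
        st->client_name = name;
        st->client_addr = addr;
    }
}

/* Build the reject line; returns its length, or -1 on error or truncation. */
static int demo_format_reject(char *buf, size_t len, const struct demo_state *st,
                              const char *action, const char *event,
                              const char *text)
{
    int n = snprintf(buf, len, "%s: %s: %s from %s[%s]: %s;",
                     str_or(st->queue_id, "unknown"), str_or(action, "unknown"),
                     str_or(event, "unknown"), str_or(st->client_name, "unknown"),
                     str_or(st->client_addr, "unknown"), str_or(text, ""));
    return (n < 0 || (size_t) n >= len) ? -1 : n;
}

int main(void)
{
    struct demo_state st = { "75DBA7FD1", NULL, NULL };  /* constructed sample */
    char line[256];

    if (demo_format_reject(line, sizeof line, &st, "milter-reject",
                           "END-OF-MESSAGE", "5.7.1 virus detected") > 0)
        puts(line);             /* formatted safely even with NULL fields */
    return 0;
}
```

Guarding at the formatting call keeps the process alive when initialization was skipped, and the placeholder in the log line makes the skipped initialization visible instead of hiding it.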