tpop3d-devel

Re: [tpop3d-discuss] SSL and 7BIT enconding


From: Jens Liebchen (ppp-design)
Subject: Re: [tpop3d-discuss] SSL and 7BIT enconding
Date: Mon, 27 Oct 2003 16:49:43 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007

Dave Baker wrote:

Hi Dave,

> If the email doesn't contain any sensitive information would you be able
> to provide us/me a copy of it so I can drop it in my own mail spool and
> see if your mail causes the same problem on my system.  That may help
> determine if we actually have the same problem, or different problems that
> exhibit similar behaviours.

After an hour of investigation, it seems to be exactly the same problem
you have talked about some weeks ago. The OS here is Linux 2.4.20-20.7
(Redhat Kernel Sources) and openssl is 0.9.6b-35.7.

I have tracked down the problem to one single mail, which is attached. I
have anonymized every IP and hostname appearing in the header. Without
SSL everything is running fine. When you are using SSL and you fetch the
message twice, the second attempt is aborted with "read:errno=0" on the
client side.

So, conclusion: Something really strange is happening here: If this mail
appears twice in your inbox or another similar second message is there,
you are unable to fetch these mails encrypted. I am not sure what
exactly is the error, but maybe it has to do with the strange encoding
used ("7BIT"). It seems to be definitely a tpop3d or openssl bug and
should be fixed ASAP, because this can lead to a DoS of the affected
mailbox. Hopefully somebody more familiar with openssl and tpop3d than
me can now find the exact problem, as we have now a good example message.

BTW: This has happened 3 times here now in the last weeks, but I thought
the mailboxes got corrupted and have not investigated this strange thing
before.

BTW2: Thx Dave, for the openssl s_client trick :-)




Cheers,

Jens Liebchen
ppp-design



-- 
ppp-design
http://www.ppp-design.de
Public-Key: http://www.ppp-design.de/pgp/ppp-design.asc
Fingerprint: 5B02 0AD7 A176 3A4F CE22  745D 0D78 7B60 B3B5 451A
>From address@hidden  Mon Oct 27 13:44:00 2003
Return-Path: <address@hidden>
Delivered-To: address@hidden
Received: from aaaaaaaaaaaaaaaaaaaaaaaa.de (aaaaaaaaaaaaaaaaaaa.de 
[123.123.123.1])
        by aaaaaaaaaaaaaaaaa.de (Postfix) with ESMTP id C0BFF36D47
        for <address@hidden>; Mon, 27 Oct 2003 13:43:56 +0100 (CET)
Received: from aaaaaa (aaaaaaaaaaaaaaaaaaaaa.de [123.123.12.1])
 by aaaaaaaaaaaaaaaaaaaaaaaa.de
 (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
 with ESMTP id <address@hidden> for
 address@hidden; Mon, 27 Oct 2003 13:38:24 +0100 (MET)
Received: from aaaaaaaaaaaaaaaaa.de ([123.123.1.1])
        by aaaaaa (MailMonitor for SMTP v1.2.2 ) ; Mon,
 27 Oct 2003 13:38:23 +0100 (MET)
Received: from aaaaa (aaaaaaaaaaaaaaaaaaaaaa.de [123.123.12.3])
        by aaaaaaaaaaaaaaaaa.de (8.12.10/8.12.7-1) with ESMTP id h9RCcMsU027585 
for
 <address@hidden>; Mon, 27 Oct 2003 13:38:22 +0100 (MET)
Received: by aaaaa (Postfix)    id D692117A19; Mon,
 27 Oct 2003 13:38:23 +0100 (CET)
Received: from aaaaaaaaaaaaaaaaaaaaaaaa.de
 (aaaaaaaaaaaaaaaaaaa.de [123.123.1.123])       by aaaaa (Postfix)
 with ESMTP id 669AF17A00       for <address@hidden>; Mon,
 27 Oct 2003 13:38:23 +0100 (CET)
Received: from aaaa (aaaa [123.123.123.1]) by aaaaaaaaaaaaaaaaaaaaaaaa.de
 (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
 with ESMTP id <address@hidden> for
 address@hidden (ORCPT address@hidden); Mon,
 27 Oct 2003 13:38:21 +0100 (MET)
Received: from aaaaaa.aaaaaaaaaaa.de ([123.123.1.2])
        by aaaa (MailMonitor for SMTP v1.2.2 ) ; Mon, 27 Oct 2003 13:38:20 
+0100 (MET)
Received: from aaaaaaaa.aa ([123.123.123.123])
        by aaaaaaaaaaaaaaaaaa.de (8.12.10/8.12.7/1) with SMTP id h9RCbuJO009606 
for
 <address@hidden>; Mon, 27 Oct 2003 13:38:08 +0100 (MET)
Date: Tue, 28 Oct 2003 03:37:17 +0000
From: "aaaaaaaaaaaaaa" <address@hidden>
Subject: *****SPAM***** osuqfecaxc
To: address@hidden
Message-id: <address@hidden>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-type: text/html
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
Delivered-to: address@hidden
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on circe
X-Spam-Level: **********
X-Spam-Status: Yes, hits=10.8 required=6.0 tests=BANG_EXERCISE,
        FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_90_100,
        HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,
        HTML_TAG_BALANCE_BODY,HTML_TAG_BALANCE_HTML,MIME_HTML_NO_CHARSET,
        MIME_HTML_ONLY,PENIS_ENLARGE,USERPASS autolearn=no version=2.60
X-Spam-Report: *  1.2 BANG_EXERCISE BODY: Talks about exercise with an
 exclamation!   *  1.1 PENIS_ENLARGE BODY: Information on getting larger
 penis/breasts  *  0.3 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body"
 tags   *  0.0 HTML_MESSAGE BODY: HTML included in message      *  0.1 
HTML_FONT_BIG
 BODY: HTML has a big font      *  0.4 HTML_TAG_BALANCE_HTML BODY: HTML has
 unbalanced "html" tags *  0.1 MIME_HTML_ONLY BODY: Message only has text/html
 MIME parts     *  0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as
 background     *  1.1 HTML_90_100 BODY: Message is 90% to 100% HTML    *  0.1
 HTML_FONTCOLOR_RED BODY: HTML font color is red        *  0.7 
MIME_HTML_NO_CHARSET
 RAW: Message text in HTML without charset      *  3.1 USERPASS URI: URL 
contains
 username and (optional) password       *  1.1 FORGED_OUTLOOK_HTML Outlook 
can't send
 HTML message only      *  1.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in 
this
 format


Attachment: pgpEJZpCD3Vcz.pgp
Description: PGP signature
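
The double-fetch check described in the message above, as an added example that is not part of the original post or of tpop3d: it issues RETR for the same message twice and reports whether each multi-line response reached its terminating "." line or the stream ended early. The function names and the sample transcript are constructed for illustration.

```python
import io

class Truncated(Exception):
    """The stream ended before the POP3 multi-line terminator arrived."""

def read_multiline(rfile):
    """Read one RFC 1939 multi-line response; return (status_line, body or None)."""
    status = rfile.readline()
    if not status:
        raise Truncated("EOF before status line")
    if not status.startswith(b"+OK"):
        return status.rstrip(b"\r\n"), None       # -ERR carries no body
    body = []
    while True:
        line = rfile.readline()
        if not line.endswith(b"\n"):              # empty or partial line means EOF
            raise Truncated("EOF after %d body lines" % len(body))
        if line in (b".\r\n", b".\n"):            # terminator: response is complete
            return status.rstrip(b"\r\n"), b"".join(body)
        if line.startswith(b"."):                 # undo dot-stuffing
            line = line[1:]
        body.append(line)

def retr_repeatedly(rfile, wfile, msg_no, times=2):
    """Send RETR for the same message `times` times and record each outcome."""
    results = []
    for attempt in range(1, times + 1):
        wfile.write(b"RETR %d\r\n" % msg_no)
        wfile.flush()
        try:
            _status, body = read_multiline(rfile)
        except Truncated as exc:
            results.append((attempt, "truncated", str(exc)))
            break                                 # the session is gone, stop here
        if body is None:
            results.append((attempt, "error", 0))
        else:
            results.append((attempt, "complete", len(body)))
    return results

# Constructed server transcript: the first RETR completes, the second one
# stops after one body line, as when the server side drops the connection.
SAMPLE = (b"+OK 28 octets\r\nSubject: test\r\n\r\n..dot line\r\n.\r\n"
          b"+OK 28 octets\r\nSubject: test\r\n")

def demo():
    return retr_repeatedly(io.BytesIO(SAMPLE), io.BytesIO(), 1)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Against a live server, `rfile` and `wfile` would be the file object from `makefile("rwb")` on an `ssl`-wrapped socket, after the greeting and USER/PASS exchange have been read.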

