
Gamma Emails Being Returned - Bad Headers - Please Help!

  • Paul_M
    Senior Member
    • Oct 2001
    • 242

    Hello there, since upgrading Beta 7 to Gamma I've had a lot of emails bounce back (subscription, activation, you name it). I thought this might be coincidence, but I've had two emails today that explain WHY they're being bounced, can you please help.

    This has not been a problem with previous vB's, even Beta 7 etc.

    Emails are:

    ---------------

    Attention: [email protected]


    A problem was found in an Email message you sent.
    This Email scanner intercepted it and stopped the entire message
    reaching its destination.

    The problem was reported to be:

    Disallowed characters found in MIME headers


    Please contact your IT support personnel with any queries regarding this
    policy.


    Your message was sent with the following envelope:

    MAIL FROM: [email protected]
    RCPT TO: ***@pipeline.com.au

    ... and with the following headers:

    ---
    MAILFROM: [email protected]
    Received: from 216.93.169.190 (HELO cooper.mini2.com) (216.93.169.190)
    by wipeout.pipeline.com.au with SMTP; 12 Dec 2003 21:01:32 +1100
    Received: (qmail 3571 invoked by uid 2526); 12 Dec 2003 10:02:17 -0000
    Date: 12 Dec 2003 10:02:17 -0000
    Message-ID: <[email protected]>
    To: ***@pipeline.com.au
    Subject: Reply to post 'New MC has arrived (at last!)'
    From: "MINI2 Forums Mailer" <[email protected]>
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-Mailer: vBulletin Mail via PHP


    ---------------------

    The other email said this:


    ------------

    Greetings,

    One of your list members on the mini2.com list (**@motorists.org) receives mail through a server I
    run.

    The messages from your list have a flaw that is causing us some problems. The header is flawed,
    which creates a potential vulnerability. Here is a description of the problem from
    http://www.declude.com/Virus/manual.htm:

    ***
    Outlook 'CR' Vulnerability: This vulnerability occurs when an E-mail contains a single 'CR'
    character within the E-mail headers (as opposed to a 'CR' followed by an 'LF', which is used to end
    a line in SMTP). Outlook can treat this as the end of the headers, which would allow Outlook to see
    a virus that was embedded in the headers. RFC2822 2.2 says that CR and LF characters cannot appear
    alone in the headers. Also, there is no legitimate reason for an E-mail to contain a lone 'CR' in
    the headers.
    ***

    In short, messages that have this problem in the header could contain a virus. We have no choice but
    to block these messages, as the only easy way to find out if messages with this problem actually
    contain a virus is to download the message with Outlook and see if the machine gets infected. While I
    am sure your messages don't contain a virus, we have a policy that we cannot let these messages
    through. After all, if your machines became infected through this vulnerability, mail you send to
    our server very well could contain a virus.

    We are probably a bit ahead of the curve on this, but this issue really should be fixed as more and
    more ISPs will start blocking such messages as we do.

    I would be happy to try to help you fix this problem. While I can't claim to be an expert in these
    issues, I work with a number of people who have been quite successful in solving this problem and
    they can assist us.

    Paul Navarre
    Net Interaction

    -----------

    I've searched but can't find this mentioned elsewhere, in bug tracker etc.
    Trained Monkeys
  • Mike Sullivan
    Former vBulletin Developer
    • Apr 2000
    • 13327
    • 3.6.x

    #2
    I don't see anything in our code that generates a CR without a LF immediately afterwards. And we specifically make sure that messages contain only CRLFs (not that those would be in the header anyway).

    Can you perhaps point Paul (from Net Interaction) my way so we can figure out what's going on? We added the content encoding/charset lines for gamma, but those both definitely have CRLFs after them.

    Comment

    • Freddie Bingham
      Former vBulletin Developer
      • May 2000
      • 14057
      • 1.1.x

      #3
      Do you know which email was causing this response or which specific header is followed by a \r only? Looking at the email headers I see 6 lines with each line terminated with \r\n (CRLF).

      Comment

      • Freddie Bingham
        Former vBulletin Developer
        • May 2000
        • 14057
        • 1.1.x

        #4
        Well, here would be the cause:

        http://www.vbulletin.com/forum/showthread.php?t=88337

        Comment

        • Paul_M
          Senior Member
          • Oct 2001
          • 242

          #5
          I got those emails BEFORE I made that change from \r\n to just \n.

          After making that change nothing more has been returned, if that fixed it or not I do not know.

          Would changing the \r\n to \n lines possibly cure this (if so why?) as it appears it may have?
          Trained Monkeys

          Comment

          • Paul_M
            Senior Member
            • Oct 2001
            • 242

            #6
            The bounce from pipeline.com.au was a normal "subscription notification of reply" email, the other (from the other Paul) appears to be triggered by a number of forum generated emails.

            Mike, how should I get him to contact you?
            Trained Monkeys

            Comment

            • Mike Sullivan
              Former vBulletin Developer
              • Apr 2000
              • 13327
              • 3.6.x

              #7
              Haven't looked into anything to confirm this, but it seems like it might've been a PHP bug at some point, as we haven't been affected by either issue mentioned here (to my knowledge).

              IIRC, \n for breaks between headers goes against the RFC; \r\n is the correct value. Why you're getting a bare CR makes no sense to me, unless PHP, at one point, tried to fix \n -> \r\n and had a bug in it (eg, if we had \r\n and it missed the \r for some reason, it would've translated as \r\r\n, which would exhibit the problem).

              Comment

              • Mike Sullivan
                Former vBulletin Developer
                • Apr 2000
                • 13327
                • 3.6.x

                #8
                Mike, how should I get him to contact you?
                Have him email me please, mike AT vbulletin DOT com (not like that is going to stop spam from coming). I'm going to need to know the specific line where the bare CR is (or the actual email headers if he still has them).

                Comment

                • Paul_M
                  Senior Member
                  • Oct 2001
                  • 242

                  #9
                  Originally posted by Mike Sullivan
                  Have him email me please, mike AT vbulletin DOT com (not like that is going to stop spam from coming). I'm going to need to know the specific line where the bare CR is (or the actual email headers if he still has them).
                  Will do, thanks for your help.

                  Paul

                  Oh, www.mini2.com/phpinfo.php if that's any help too.

                  I'm still on 4.2.2
                  Trained Monkeys

                  Comment

                  • thewitt
                    Senior Member
                    • Mar 2001
                    • 435
                    • 3.0.0 Gamma

                    #10
                    Though I don't know if it's related or not, approximately 20% of the members who have joined my new test forums are not getting their confirmation emails.

                    I can send them mail from other scripts on the server - non-VB scripts - but they don't seem to be getting any vB mail now under Gamma.

                    -t
                    Tim Hewitt
                    myOstrich Internet - Domain Management & Internet Services
                    myOstrich Golf - When it comes to golf, we don't have our heads in the sand.

                    Comment

                    • Mike Sullivan
                      Former vBulletin Developer
                      • Apr 2000
                      • 13327
                      • 3.6.x

                      #11
                      I did some searching and actually found 2 PHP bugs that seem to be related:
                      http://bugs.php.net/bug.php?id=25254&edit=1
                      http://bugs.php.net/bug.php?id=23507&edit=1

                      Both mention 4.3.3 though, but they do mention the exact symptoms mentioned here. (I only looked back to 4.3.2 though.)

                      Comment

                      • Paul_M
                        Senior Member
                        • Oct 2001
                        • 242

                        #12
                        Mike, Paul said he will be emailing you (he may have already).

                        This wasn't a problem with Beta 7 and nothing on the server has changed between then and gamma installation.

                        Trained Monkeys

                        Comment

                        • Paul_M
                          Senior Member
                          • Oct 2001
                          • 242

                          #13
                          I just got an email from vBulletin.nl and they're suffering too:

                          Content-Transfer-Encoding: 8bit
                          X-Priority: 3
                          X-Mailer: vBulletin Mail via PHP

                          Hey there mini2!

                          Welcome to the http://www.vBulletin.nl/community/ web site.

                          Please note that the vBulletin.NL web site is NOT an official vBulletin web site,
                          we are just a fun chit chat, vb3 hacking and modding, graphics and design - fan site covering vB-topics.

                          I noticed you recently registered with the intent to participate, I welcome this!

                          Let me provide some information:

                          <snip>
                          Trained Monkeys

                          Comment

                          • John.Ross
                            Senior Member
                            • Jan 2003
                            • 405
                            • 5.7.0

                            #14
                            Originally posted by Paul_M
                            I just got an email from vBulletin.nl and they're suffering too:

                            Content-Transfer-Encoding: 8bit
                            X-Priority: 3
                            X-Mailer: vBulletin Mail via PHP

                            Hey there mini2!

                            Welcome to the http://www.vBulletin.nl/community/ web site.

                            Please note that the vBulletin.NL web site is NOT an official vBulletin web site,
                            we are just a fun chit chat, vb3 hacking and modding, graphics and design - fan site covering vB-topics.

                            I noticed you recently registered with the intent to participate, I welcome this!

                            Let me provide some information:

                            <snip>
                            Paul, I did not get the header parts as you did

                            Hey there john_rsd!

                            Welcome to the http://www.vBulletin.nl/community/ web site.

                            Please note that the vBulletin.NL web site is NOT an official vBulletin web site, we are just a fun chit chat, vb3 hacking and modding, graphics and design - fan site covering vB-topics.

                            I noticed you recently registered with the intent to participate, I welcome this!

                            Let me provide some information:
                            This was the header information but I had to go view it, it was not included as part of the message text

                            Received: from [207.44.238.61] (helo=sirenhost.com)
                            by metaphos.btinternet.com with smtp (Exim 3.22 #25)
                            id 1AVR15-0003gM-00
                            for [email protected]; Sun, 14 Dec 2003 07:50:15 +0000
                            Received: (qmail 8665 invoked by uid 48); 14 Dec 2003 07:49:47 -0000
                            Date: 14 Dec 2003 07:49:47 -0000
                            Message-ID: <[email protected]>
                            To: [email protected]
                            Subject: Hey, you just registered on vbulletin.nl
                            From: "[email protected]" <[email protected]>
                            Content-Type: text/plain; charset="ISO-8859-1"
                            Content-Transfer-Encoding: 8bit
                            X-Priority: 3
                            X-Mailer: vBulletin Mail via PHP
                            Status:
                            Just thought I would post this as the emails came from the same source/mailer, just different routes after that
                            Last edited by John.Ross; Sun 14 Dec '03, 7:45am.
                            Thanks In Advance

                            John

                            Comment

                            • Paul_M
                              Senior Member
                              • Oct 2001
                              • 242

                              #15
                              I'm using Outlook Express 6.00.2800.1123 and Windows XP.


                              The headers for me of course are the same, up to the point they get shifted into the email message...

                              Return-Path: <[email protected]>
                              Delivered-To: [email protected]
                              Received: (qmail 15074 invoked from network); 14 Dec 2003 07:51:52 -0000
                              Received: from unknown (HELO sirenhost.com) (207.44.238.61)
                              by mini2.com with SMTP; 14 Dec 2003 07:51:52 -0000
                              Received: (qmail 8772 invoked by uid 48); 14 Dec 2003 07:49:51 -0000
                              Date: 14 Dec 2003 07:49:51 -0000
                              Message-ID: <[email protected]>
                              To: [email protected]
                              Subject: Hey, you just registered on vbulletin.nl
                              From: "[email protected]" <[email protected]>
                              Content-Type: text/plain; charset="ISO-8859-1"
                              Trained Monkeys

                              Comment
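
The following is an added example, not code from vBulletin, PHP or any poster in this thread. It locates lone CR or LF characters in a raw message's header block (the detail asked for in post #8), models the double-conversion guess from post #7 with the hypothetical helper `naive_lf_to_crlf`, and shows how a reader that accepts a lone CR as a line break would end the headers early, as described in posts #13 and #15. The sample message, its placeholder addresses and the choice of affected header are constructed.

```python
import re

# Constructed sample modelled on the headers quoted in this thread;
# addresses are placeholders and the affected header is an assumption.
HEADERS = [
    b"To: member@example.org",
    b"Subject: Reply to post",
    b'From: "Forum Mailer" <mailer@example.org>',
    b'Content-Type: text/plain; charset="ISO-8859-1"',
    b"Content-Transfer-Encoding: 8bit",
    b"X-Priority: 3",
    b"X-Mailer: vBulletin Mail via PHP",
]
BODY = b"Hello,\r\nsomeone replied to your post.\r\n"

def naive_lf_to_crlf(data):
    """Hypothetical model of the bug guessed at in post #7: prepend CR to
    every LF without checking whether a CR is already there."""
    return data.replace(b"\n", b"\r\n")

def build(headers, body, mangle_index=None):
    """Join headers with CRLF; optionally pass one line through the faulty conversion."""
    lines = [h + b"\r\n" for h in headers]
    if mangle_index is not None:
        lines[mangle_index] = naive_lf_to_crlf(lines[mangle_index])
    return b"".join(lines) + b"\r\n" + body

def bare_line_endings(raw):
    """List (line_no, kind, header_text) for each lone CR or LF in the header block."""
    end = raw.find(b"\r\n\r\n")
    block = raw if end == -1 else raw[:end + 2]
    findings = []
    for m in re.finditer(rb"\r(?!\n)|(?<!\r)\n", block):
        line_no = block.count(b"\r\n", 0, m.start()) + 1
        start = block.rfind(b"\r\n", 0, m.start())
        start = 0 if start == -1 else start + 2
        kind = "bare CR" if m.group() == b"\r" else "bare LF"
        findings.append((line_no, kind, block[start:m.start()].decode("latin-1")))
    return findings

def lenient_split(raw):
    """Split headers from body as a reader accepting CR, LF or CRLF line breaks would."""
    lines = re.split(rb"\r\n|\r|\n", raw)
    blank = lines.index(b"")
    return lines[:blank], lines[blank + 1:]

if __name__ == "__main__":
    bad = build(HEADERS, BODY, mangle_index=3)
    print(bare_line_endings(bad), lenient_split(bad)[1][:3])
```

Run against a saved raw message (read in binary mode so line endings are not translated), `bare_line_endings` gives the header line a filter of the kind quoted in post #1 would object to.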
