Some email bypass spamasssassin

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-15 01:47

Ah...had a bright moment...

Total spam score 6 is above the configured threshold? Although your logs should show the rejection reason in that case, but don't...
Not all checks are run if the threshold is reached

Code: Select all

         if (iTotalScore >= iMaxScore)
         {
            // Threshold has been reached. No point in running any more tests.
            break;
         }
https://github.com/hmailserver/hmailser ... pp#L92-L96
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jim.bus
Senior user
Senior user
Posts: 1137
Joined: 2011-05-28 11:49
Location: US

Re: Some email bypass spamasssassin

Post by jim.bus » 2022-08-15 02:19

RvdH wrote:
2022-08-15 01:33
Jim, it is simply impossible, period :!:
Probably you f*cked up somehow, but your claim is pure nonsense

if SA is enabled your logs ALWAYS should read:

Code: Select all

"TCPIP"	3200	"2022-08-15 01:27:18.206"	"Connecting to 127.0.0.1:783..."
"DEBUG"	7564	"2022-08-15 01:27:20.269"	"Failed to connect to SpamAssassin. Session 45"
or

Code: Select all

"TCPIP"	3200	"2022-08-15 01:27:21.284"	"Connecting to 127.0.0.1:783..."
"DEBUG"	7564	"2022-08-15 01:27:22.816"	"Sending message to SpamAssassin. Session 46, File: C:\Program Files\hMailServer\Data\{759FD7F0-66EA-4DAA-84C2-C1634E7A9311}.eml"
I agree with you but those are all the Log Entries for that one email Message. I have all my Logs Enabled (standard practice for me) and there are no Error Logs produced. The only peculiar thing I've been able to identify is that in my hMailAdmin set up for antispam the Delete Threshold was set to 0 (I have changed that now to 100). Do you see any lines of code resembling the Code Section you gave as example. I am well aware of how to identify when hMailServer connects to Spamassassin. That is why I am saying I see no indication of an attempt to connect to Spamassassin.

I have looked at an example of my Log Entries where Spamassassin was called and I note there, all the Spamtests performed before the call to Spamassassin produced a SPAM Score of 0.

So in this example where Spamassassin wasn't called the difference seems to be that the SPAM tests prior to where Spamassassin would be called have already set a SPAM Test Score of 6 which exceeds the SPAM Mark Threshold of 5. So in this case since the Total SPAM Test Score of 6 exceeds the SPAM Delete Threshold of 0, the message should have actually been DELETED which hMailServer didn't do. Instead hMailServer just marked it as SPAM. Normally one would expect the SPAM Delete Threshold to be greater than the SPAM Mark Threshold but this isn't the case in this example. This smacks of a coding logic error in hMailServer code so I speculated that this might be the reason why Spamassassin wasn't called and the message was allowed accepted and not deleted. And as I stated earlier in the past, at least before installing Build 2602, I had the SPAM Delete Threshold set at 50 I believe but in any event it was set higher than the SPAM Mark Threshold. Whether I accidentally changed the SPAM Delete Threshold to 0 or the Build 2602 installation defaulted it to 0 I can't say for sure but we do know when the Builds implementing TLSv1.3 were done, it was forgotten to default TLSv1.3 enabled and we have to tell everyone to go back and enable it when they create Forum problem topics.

Edited after submitting and seeing how you had vindicated my theory in this post which was being completed while you had your 'bright' moment (no criticism intended) and saw the coding error I was speculating about.

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-15 08:31

RvdH wrote:
2022-08-15 01:47
Ah...had a bright moment...

Total spam score 6 is above the configured threshold? Although your logs should show the rejection reason in that case, but don't...
Not all checks are run if the threshold is reached

Code: Select all

         if (iTotalScore >= iMaxScore)
         {
            // Threshold has been reached. No point in running any more tests.
            break;
         }
https://github.com/hmailserver/hmailser ... pp#L92-L96
A setting won't magically change after a upgrade, so this means you had to have set delete threshold with value of 0, manually, by mistake


deleteThreshold > 0 :!:

Code: Select all

      if (deleteThreshold > 0 && iTotalSpamScore >= deleteThreshold)
      {
	...
      }
      else if (markThreshold > 0 && iTotalSpamScore >= markThreshold)
https://github.com/hmailserver/hmailser ... #L743-L800

Above behaviour is not completely in line with what the docs say, right? (when deleteThreshold = 0)
Spam mark threshold
When hMailServer runs spam protection, each spam protection mechanism gives a score. If the total score of the message exceeds this value - but stays below Spam delete threshold, the message will be marked as spam.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 9587
Joined: 2011-09-08 17:48

Re: Some email bypass spamasssassin

Post by jimimaseye » 2022-08-15 09:01

RvdH wrote:
2022-08-15 01:33
Jim, it is simply impossible, period :!:
Probably you f*cked up somehow, but your claim is pure nonsense
And yet his claim matches the same of the original poster.

There seems to be a pattern. Now to figure out why.

Obvious question: was 'Use Spamassassin' enabled at the time?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-15 09:02

FYI, it also distinguishes between pre or post transmission spamchecks
https://github.com/hmailserver/hmailser ... #L743-L800

The pre transmission checks are always ran, post transmission spamchecks (this is SA) only if (iTotalScore < iMaxScore), as the deletetThreshold was 0 this was never executed
Last edited by RvdH on 2022-08-15 09:18, edited 1 time in total.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-15 09:04

jimimaseye wrote:
2022-08-15 09:01

There seems to be a pattern. Now to figure out why.
don't set the delete threshold to 0 :lol:
jimimaseye wrote:
2022-08-15 09:01
And yet his claim matches the same of the original poster.
Simply claim the OP's question matches jim's issue is ridiculous, it lacks any essential information or (complete) logs, it might be but with the information given it is impossible to tell
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 9587
Joined: 2011-09-08 17:48

Re: Some email bypass spamasssassin

Post by jimimaseye » 2022-08-15 09:22

RvdH wrote:
2022-08-15 09:04
Simply claim the OP's question matches jim's issue is ridiculous, it lacks any essential information or (complete) logs, it might be but with the information given it is impossible to tell
I agree. Same symptom (claim) but not necessarily the same root cause. More analysis required before that can be determined.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jim.bus
Senior user
Senior user
Posts: 1137
Joined: 2011-05-28 11:49
Location: US

Re: Some email bypass spamasssassin

Post by jim.bus » 2022-08-15 10:10

jimimaseye wrote:
2022-08-15 09:01
RvdH wrote:
2022-08-15 01:33
Jim, it is simply impossible, period :!:
Probably you f*cked up somehow, but your claim is pure nonsense
And yet his claim matches the same of the original poster.

There seems to be a pattern. Now to figure out why.

Obvious question: was 'Use Spamassassin' enabled at the time?
My Spamassassin was enabled.

It appears the triggering cause was the incorrect Spam Delete Threshold Setting of 0 which apparently caused Spamassassin not to be executed. I had noticed the point that the Original Poster's claim did not necessarily match my situation (which is why I did not refer back to the Original Poster's claim) because he did not post Logs showing the possible cause as my logs and setup showed. My point was that the Delete Threshold apparently was the most likely culprit for the cause. If the cause can be verified, I think the question now is, does the current code support this behavior we are seeing and if not how would it be fixed?

I may be able to somewhat verify if Delete Threshold Score is the culprit. I regularly get email from this sender which regularly but not always is marked as Spam. I'll try to remember to check for it in the next day or so to see if Spamassassin is run or not. If the culprit was the Delete Threshold score = 0 then if this sender's email is marked as Spam which it did get marked frequently then Spamassassin should run because as I stated I have now set my Delete Threshold to 100 which should exceed any Spam Score my senders generate. I can then post back to you the results.

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-15 10:49

I believe i answered above :!: :?:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-15 13:55

Mmmm... i got one myself just now (similar to jim's), i noticed it had a large attachment

@jim
how big was that mail compared to Maximum message size to scan (KB) defined in anti-spam settings?
That might be another showstopper for SA (all other checks, eg: DNSBL, URLBL, DKIM. SPF are still performed as these are checked on transmission, eg: before the size is known)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
katip
Senior user
Senior user
Posts: 1051
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Some email bypass spamasssassin

Post by katip » 2022-08-15 16:17

RvdH wrote:
2022-08-15 13:55
Mmmm... i got one myself just now (similar to jim's), i noticed it had a large attachment
was my headache once.
https://www.hmailserver.com/forum/viewt ... 22&t=36082
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 3.4.4, ClamAV 0.103.5

User avatar
jim.bus
Senior user
Senior user
Posts: 1137
Joined: 2011-05-28 11:49
Location: US

Re: Some email bypass spamasssassin

Post by jim.bus » 2022-08-15 18:53

RvdH wrote:
2022-08-15 13:55
Mmmm... i got one myself just now (similar to jim's), i noticed it had a large attachment

@jim
how big was that mail compared to Maximum message size to scan (KB) defined in anti-spam settings?
That might be another showstopper for SA (all other checks, eg: DNSBL, URLBL, DKIM. SPF are still performed as these are checked on transmission, eg: before the size is known)
I had already answered that question before.
Total Size of Message as reported in Outlook 247 KB.

Maximum message size to scan = 1024 KB.
So, message size was not a factor in bypassing the execution of Spamassassin

Don't know how this affects the situation but this morning I was noticing in another email message not related to the issue that after the builtin Spam Tests were done and after the RCPT TO command, the subsequent SPAM Tests (SURB and DKIM) did not show a Total Spam Score accumulation. All you see in the Logs are the individual SURBL and DKIm SPAM Test Scores. However right after completion of the builtin SPAM Tests performed after the Mail From command a Total SPAM Score is shown in the Logs.

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 00:05

jim.bus wrote:
2022-08-15 18:53
I had already answered that question before.
So know you know how it feels :mrgreen:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jim.bus
Senior user
Senior user
Posts: 1137
Joined: 2011-05-28 11:49
Location: US

Re: Some email bypass spamasssassin

Post by jim.bus » 2022-08-16 07:45

I promised to show my Logs for the same type of email message now that I changed the Delete Threshold to 100 instead of 0 as it had been when Spamassassin had not been executed.

Here are my Logs and do note that Spamassassin is now executed after I set the Delete Threshold to 100. The only change I made was to change Delete Threshold from 0 to 100.

Code: Select all


"TCPIP"	119908	"2022-08-15 18:34:43.808"	"TCP - 156.70.63.117 connected to 192.168.x.x:25."
"DEBUG"	119908	"2022-08-15 18:34:43.808"	"TCP connection started for session 403"
"SMTPD"	119908	403	"2022-08-15 18:34:43.808"	"156.70.63.117"	"SENT: 220 Pleased To Meet You"
"SMTPD"	141316	403	"2022-08-15 18:34:44.074"	"156.70.63.117"	"RECEIVED: EHLO mta-70-63-117.sparkpostmail.com"
"SMTPD"	141316	403	"2022-08-15 18:34:44.074"	"156.70.63.117"	"SENT: 250-mail.domain.com[nl]250-SIZE 25600000[nl]250-STARTTLS[nl]250 HELP"
"SMTPD"	119908	403	"2022-08-15 18:34:44.121"	"156.70.63.117"	"RECEIVED: STARTTLS"
"SMTPD"	119908	403	"2022-08-15 18:34:44.121"	"156.70.63.117"	"SENT: 220 Ready to start TLS"
"DEBUG"	141316	"2022-08-15 18:34:44.121"	"Performing SSL/TLS handshake for session 403. Verify certificate: False"
"TCPIP"	141316	"2022-08-15 18:34:44.245"	"TCPConnection - TLS/SSL handshake completed. Session Id: 403, Remote IP: 156.70.63.117, Version: TLSv1.2, Cipher: ECDHE-ECDSA-AES128-GCM-SHA256, Bits: 128"
"SMTPD"	141316	403	"2022-08-15 18:34:44.292"	"156.70.63.117"	"RECEIVED: EHLO mta-70-63-117.sparkpostmail.com"
"SMTPD"	141316	403	"2022-08-15 18:34:44.292"	"156.70.63.117"	"SENT: 250-mail.jbsbtech.com[nl]250-SIZE 25600000[nl]250 HELP"
"SMTPD"	129996	403	"2022-08-15 18:34:44.339"	"156.70.63.117"	"RECEIVED: MAIL FROM:<msprvs1=19227wBKwLKPo=bounces-298270@bounce.classmates.com>"
"TCPIP"	129996	"2022-08-15 18:34:44.421"	"DNS lookup: 117.63.70.156.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"TCPIP"	129996	"2022-08-15 18:34:44.500"	"DNS lookup: 117.63.70.156.bl.spamcop.net, 0 addresses found: (none), Match: False"
"DEBUG"	129996	"2022-08-15 18:34:44.500"	"Spam test: SpamTestDNSBlackLists, Score: 0"
"DEBUG"	129996	"2022-08-15 18:34:44.531"	"Spam test: SpamTestHeloHost, Score: 0"
"DEBUG"	129996	"2022-08-15 18:34:44.613"	"Spam test: SpamTestSPF, Score: 0"
"DEBUG"	129996	"2022-08-15 18:34:44.614"	"Total spam score: 0"
"SMTPD"	129996	403	"2022-08-15 18:34:44.615"	"156.70.63.117"	"SENT: 250 OK"
"SMTPD"	141316	403	"2022-08-15 18:34:44.667"	"156.70.63.117"	"RECEIVED: RCPT TO:<user@domain.net>"
"SMTPD"	141316	403	"2022-08-15 18:34:44.668"	"156.70.63.117"	"SENT: 250 OK"
"SMTPD"	119908	403	"2022-08-15 18:34:44.720"	"156.70.63.117"	"RECEIVED: DATA"
"SMTPD"	119908	403	"2022-08-15 18:34:44.721"	"156.70.63.117"	"SENT: 354 OK, send."
"DEBUG"	148868	"2022-08-15 18:34:44.912"	"Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"SURBL: Execute"
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"SURBL: Found URL: w3.org"
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"SURBL: Found URL: classmates.com"
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"SURBL: Found URL: pplcnhld.com"
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"SURBL: 3 unique addresses found."
"DEBUG"	145180	"2022-08-15 18:34:44.912"	"SURBL: Lookup: classmates.com.multi.surbl.org"
"DEBUG"	145180	"2022-08-15 18:34:45.005"	"SURBL: Lookup: pplcnhld.com.multi.surbl.org"
"DEBUG"	145180	"2022-08-15 18:34:45.099"	"SURBL: Match found"
"DEBUG"	145180	"2022-08-15 18:34:45.099"	"Spam test: SpamTestSURBL, Score: 6"
"DEBUG"	145180	"2022-08-15 18:34:45.146"	"DKIM: Message passed validation."
"DEBUG"	145180	"2022-08-15 18:34:45.146"	"Spam test: SpamTestDKIM, Score: 0"
"DEBUG"	145180	"2022-08-15 18:34:45.146"	"Creating session 415"
"TCPIP"	145180	"2022-08-15 18:34:45.146"	"Connecting to 127.0.0.1:783..."
"DEBUG"	148868	"2022-08-15 18:34:45.146"	"TCP connection started for session 415"
"DEBUG"	148868	"2022-08-15 18:34:45.146"	"Sending message to SpamAssassin. Session 415, File: D:\hMailServer\Data\{753A506C-4114-467C-93E4-AB07F19626D1}.eml"
"DEBUG"	148868	"2022-08-15 18:34:48.506"	"Parsing response from SpamAssassin. Session 415"
"DEBUG"	148868	"2022-08-15 18:34:48.506"	"SA - Copy+Delete used"
"DEBUG"	148868	"2022-08-15 18:34:48.506"	"Ending session 415"
"DEBUG"	145180	"2022-08-15 18:34:48.506"	"Spam test: SpamTestSpamAssassin, Score: 0"
"DEBUG"	145180	"2022-08-15 18:34:48.506"	"Total spam score: 6"
"DEBUG"	145180	"2022-08-15 18:34:48.506"	"Saving message: {753A506C-4114-467C-93E4-AB07F19626D1}.eml"
"DEBUG"	145180	"2022-08-15 18:34:48.963"	"Requesting SMTPDeliveryManager to start message delivery"
"SMTPD"	145180	403	"2022-08-15 18:34:48.963"	"156.70.63.117"	"SENT: 250 Queued (3.808 seconds)"
"DEBUG"	120384	"2022-08-15 18:34:49.103"	"Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG"	150868	"2022-08-15 18:34:49.103"	"Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG"	150868	"2022-08-15 18:34:49.103"	"Delivering message..."
"APPLICATION"	150868	"2022-08-15 18:34:49.103"	"SMTPDeliverer - Message 53731: Delivering message from msprvs1=19227wBKwLKPo=bounces-298270@bounce.classmates.com to user@domain.Net. File: D:\hMailServer\Data\{753A506C-4114-467C-93E4-AB07F19626D1}.eml"
"DEBUG"	150868	"2022-08-15 18:34:49.103"	"Applying rules"
"DEBUG"	150868	"2022-08-15 18:34:49.103"	"Performing local delivery"
"DEBUG"	150868	"2022-08-15 18:34:49.228"	"Applying rules"
"DEBUG"	150868	"2022-08-15 18:34:49.228"	"Forwarding message"
"DEBUG"	150868	"2022-08-15 18:34:49.228"	"Copying mail contents"
"DEBUG"	150868	"2022-08-15 18:34:49.228"	"Saving message: {8498506F-274F-4D3F-A013-8068A46B1ABC}.eml"
"DEBUG"	150868	"2022-08-15 18:34:49.886"	"Local delivery completed"
"DEBUG"	150868	"2022-08-15 18:34:49.886"	"Deleting message"
"DEBUG"	150868	"2022-08-15 18:34:49.949"	"Deleting message file."
"APPLICATION"	150868	"2022-08-15 18:34:49.949"	"SMTPDeliverer - Message 53731: Message delivery thread completed."
"SMTPD"	148868	403	"2022-08-15 18:34:54.006"	"156.70.63.117"	"RECEIVED: QUIT"
"SMTPD"	148868	403	"2022-08-15 18:34:54.006"	"156.70.63.117"	"SENT: 221 goodbye"

User avatar
jim.bus
Senior user
Senior user
Posts: 1137
Joined: 2011-05-28 11:49
Location: US

Re: Some email bypass spamasssassin

Post by jim.bus » 2022-08-16 07:57

RvdH wrote:
2022-08-16 00:05
jim.bus wrote:
2022-08-15 18:53
I had already answered that question before.
So know you know how it feels :mrgreen:
Well, I had to take opportunity to get you back didn't I. :mrgreen:

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 13:15

RvdH wrote:
2022-08-11 16:03
"ERROR" 6548 "2022-08-11 15:28:39.544" "Severity: 2 (High), Code: HM5508, Source: SpamTestSpamAssassin::RunTest, Description: The SpamAssassin tests did not complete. Please confirm that the configuration (host name and port) is valid and that SpamAssassin is running."
God damn :twisted:

Maybe i should not call EnqueueDisconnect(); after if (error.value() != boost::asio::error::eof){}
Been playing too... Got this (code change is in my github) ... The "boost::asio::error::eof ..." is every time (error == boost::asio::error::eof). This is from my BackupMX which is only relaying emails.

Code: Select all

"SMTPD"	5992	10	"2022-08-16 01:33:10.542"	"159.65.199.203"	"SENT: 220 My_PTR.fibianet.dk"
"SMTPD"	1408	10	"2022-08-16 01:33:10.542"	"159.65.199.203"	"RECEIVED: EHLO"
"SMTPD"	1408	10	"2022-08-16 01:33:10.557"	"159.65.199.203"	"SENT: 501 EHLO Invalid domain address."
"SMTPD"	5992	12	"2022-08-16 02:49:30.462"	"59.58.105.238"	"SENT: 220 My_PTR.fibianet.dk"
"SMTPD"	1408	12	"2022-08-16 02:49:30.977"	"59.58.105.238"	"RECEIVED: ehlo 4fupvwzapytthug1gijt1"
"SMTPD"	1408	12	"2022-08-16 02:49:31.134"	"59.58.105.238"	"SENT: 554 5.3.0 [BAD EHLO] Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
"APPLICATION"	1408	"2022-08-16 02:49:41.321"	"boost::asio::error::eof ..."
"SMTPD"	1408	12	"2022-08-16 02:49:41.321"	"59.58.105.238"	"RECEIVED: "
"SMTPD"	1408	12	"2022-08-16 02:49:41.321"	"59.58.105.238"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5992	"2022-08-16 02:49:41.321"	"boost::asio::error::eof ..."
"SMTPD"	5992	12	"2022-08-16 02:49:41.321"	"59.58.105.238"	"RECEIVED: "
"SMTPD"	5992	12	"2022-08-16 02:49:41.321"	"59.58.105.238"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	1408	"2022-08-16 02:49:41.337"	"boost::asio::error::eof ..."
"SMTPD"	1408	12	"2022-08-16 02:49:41.337"	"59.58.105.238"	"RECEIVED: "
"SMTPD"	1408	12	"2022-08-16 02:49:41.337"	"59.58.105.238"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5992	"2022-08-16 02:49:41.337"	"boost::asio::error::eof ..."
"SMTPD"	5992	12	"2022-08-16 02:49:41.337"	"59.58.105.238"	"RECEIVED: "
"SMTPD"	5992	12	"2022-08-16 02:49:41.337"	"59.58.105.238"	"SENT: Too many invalid commands. Bye!"
"SMTPD"	5992	19	"2022-08-16 06:25:43.387"	"64.62.197.92"	"SENT: 220 My_PTR.fibianet.dk"
"APPLICATION"	5220	"2022-08-16 06:25:43.559"	"boost::asio::error::eof ..."
"SMTPD"	5220	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"RECEIVED: "
"SMTPD"	5220	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5220	"2022-08-16 06:25:43.559"	"boost::asio::error::eof ..."
"SMTPD"	5220	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"RECEIVED: "
"SMTPD"	5220	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	1408	"2022-08-16 06:25:43.559"	"boost::asio::error::eof ..."
"SMTPD"	1408	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"RECEIVED: "
"SMTPD"	1408	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5220	"2022-08-16 06:25:43.559"	"boost::asio::error::eof ..."
"SMTPD"	5220	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"RECEIVED: "
"SMTPD"	5220	19	"2022-08-16 06:25:43.559"	"64.62.197.92"	"SENT: Too many invalid commands. Bye!"
"SMTPD"	5992	50	"2022-08-16 10:30:53.592"	"162.142.125.213"	"SENT: 220 My_PTR.fibianet.dk"
"SMTPD"	5220	50	"2022-08-16 10:30:53.701"	"162.142.125.213"	"RECEIVED: EHLO www.censys.io"
"SMTPD"	5220	50	"2022-08-16 10:30:53.810"	"162.142.125.213"	"SENT: 250-mail.lolle.org[nl]250-SIZE[nl]250 STARTTLS"
"SMTPD"	1408	50	"2022-08-16 10:30:53.920"	"162.142.125.213"	"RECEIVED: STARTTLS"
"SMTPD"	1408	50	"2022-08-16 10:30:53.920"	"162.142.125.213"	"SENT: 220 Ready to start TLS"
"SMTPD"	5992	57	"2022-08-16 12:08:50.038"	"139.162.99.243"	"SENT: 220 My_PTR.fibianet.dk"
"SMTPD"	5220	57	"2022-08-16 12:08:50.320"	"139.162.99.243"	"RECEIVED: HELLO"
"SMTPD"	5220	57	"2022-08-16 12:08:50.320"	"139.162.99.243"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	1408	"2022-08-16 12:08:50.601"	"boost::asio::error::eof ..."
"SMTPD"	1408	57	"2022-08-16 12:08:50.601"	"139.162.99.243"	"RECEIVED: "
"SMTPD"	1408	57	"2022-08-16 12:08:50.616"	"139.162.99.243"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	1408	"2022-08-16 12:08:50.616"	"boost::asio::error::eof ..."
"SMTPD"	1408	57	"2022-08-16 12:08:50.616"	"139.162.99.243"	"RECEIVED: "
"SMTPD"	1408	57	"2022-08-16 12:08:50.616"	"139.162.99.243"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5220	"2022-08-16 12:08:50.616"	"boost::asio::error::eof ..."
"SMTPD"	5220	57	"2022-08-16 12:08:50.616"	"139.162.99.243"	"RECEIVED: "
"SMTPD"	5220	57	"2022-08-16 12:08:50.616"	"139.162.99.243"	"SENT: Too many invalid commands. Bye!"
"SMTPD"	5992	58	"2022-08-16 12:08:51.023"	"139.162.99.243"	"SENT: 220 My_PTR.fibianet.dk"
"SMTPD"	1408	58	"2022-08-16 12:08:51.304"	"139.162.99.243"	"RECEIVED: LISTa"
"SMTPD"	1408	58	"2022-08-16 12:08:51.304"	"139.162.99.243"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5220	"2022-08-16 12:08:51.585"	"boost::asio::error::eof ..."
"SMTPD"	5220	58	"2022-08-16 12:08:51.585"	"139.162.99.243"	"RECEIVED: "
"SMTPD"	5220	58	"2022-08-16 12:08:51.585"	"139.162.99.243"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5992	"2022-08-16 12:08:51.585"	"boost::asio::error::eof ..."
"SMTPD"	5992	58	"2022-08-16 12:08:51.585"	"139.162.99.243"	"RECEIVED: "
"SMTPD"	5992	58	"2022-08-16 12:08:51.585"	"139.162.99.243"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	5220	"2022-08-16 12:08:51.585"	"boost::asio::error::eof ..."
"SMTPD"	5220	58	"2022-08-16 12:08:51.585"	"139.162.99.243"	"RECEIVED: "
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 13:24

Normal mailserver...

Code: Select all

"SMTPD"	3396	40	"2022-08-16 03:29:42.715"	"35.153.177.161"	"SENT: 220 My_PTR.3.dk ESMTP"
"SMTPD"	3588	40	"2022-08-16 03:29:42.840"	"35.153.177.161"	"RECEIVED: ehlo localhost"
"SMTPD"	3588	40	"2022-08-16 03:29:43.059"	"35.153.177.161"	"SENT: 554 5.3.0 [BAD EHLO] Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
"SMTPD"	3824	40	"2022-08-16 03:29:43.200"	"35.153.177.161"	"RECEIVED: AUTH NTLM"
"SMTPD"	3824	40	"2022-08-16 03:29:43.200"	"35.153.177.161"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	1508	"2022-08-16 03:29:43.325"	"boost::asio::error::eof ..."
"SMTPD"	1508	40	"2022-08-16 03:29:43.325"	"35.153.177.161"	"RECEIVED: "
"SMTPD"	1508	40	"2022-08-16 03:29:43.325"	"35.153.177.161"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	712	"2022-08-16 03:29:43.325"	"boost::asio::error::eof ..."
"SMTPD"	712	40	"2022-08-16 03:29:43.325"	"35.153.177.161"	"RECEIVED: "
"SMTPD"	712	40	"2022-08-16 03:29:43.325"	"35.153.177.161"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	1508	"2022-08-16 03:29:43.325"	"boost::asio::error::eof ..."
"SMTPD"	1508	40	"2022-08-16 03:29:43.325"	"35.153.177.161"	"RECEIVED: "
"SMTPD"	1508	40	"2022-08-16 03:29:43.325"	"35.153.177.161"	"SENT: Too many invalid commands. Bye!"
"SMTPD"	3396	42	"2022-08-16 03:37:32.612"	"178.18.251.136"	"SENT: 220 My_PTR.3.dk ESMTP"
"SMTPD"	3588	42	"2022-08-16 03:37:32.674"	"178.18.251.136"	"RECEIVED: EHLO 40.138.220.132"
"SMTPD"	3588	42	"2022-08-16 03:37:32.815"	"178.18.251.136"	"SENT: 554 5.3.0 [BAD EHLO] Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
"SMTPD"	684	42	"2022-08-16 03:37:32.878"	"178.18.251.136"	"RECEIVED: HELO 40.138.220.132"
"SMTPD"	684	42	"2022-08-16 03:37:32.940"	"178.18.251.136"	"SENT: 554 5.3.0 [BAD HELO] Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
"APPLICATION"	2716	"2022-08-16 03:37:33.003"	"boost::asio::error::eof ..."
"SMTPD"	2716	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"RECEIVED: "
"SMTPD"	2716	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	4064	"2022-08-16 03:37:33.003"	"boost::asio::error::eof ..."
"SMTPD"	4064	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"RECEIVED: "
"SMTPD"	4064	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	4064	"2022-08-16 03:37:33.003"	"boost::asio::error::eof ..."
"SMTPD"	4064	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"RECEIVED: "
"SMTPD"	4064	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"SENT: 503 Bad sequence of commands"
"APPLICATION"	2716	"2022-08-16 03:37:33.003"	"boost::asio::error::eof ..."
"SMTPD"	2716	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"RECEIVED: "
"SMTPD"	2716	42	"2022-08-16 03:37:33.003"	"178.18.251.136"	"SENT: Too many invalid commands. Bye!"
"SMTPD"	3396	63	"2022-08-16 05:16:46.063"	"185.164.13.136"	"SENT: 220 My_PTR.3.dk ESMTP"
"SMTPD"	2716	63	"2022-08-16 05:16:46.094"	"185.164.13.136"	"RECEIVED: EHLO crm-bulk2.pub.infra-cph3.one.com"
"SMTPD"	2716	63	"2022-08-16 05:16:46.141"	"185.164.13.136"	"SENT: 250-mx.acme.inc[nl]250-SIZE[nl]250 STARTTLS"
"SMTPD"	3396	63	"2022-08-16 05:16:46.157"	"185.164.13.136"	"RECEIVED: STARTTLS"
"SMTPD"	3396	63	"2022-08-16 05:16:46.157"	"185.164.13.136"	"SENT: 220 Ready to start TLS"
"SMTPD"	984	63	"2022-08-16 05:16:46.282"	"185.164.13.136"	"RECEIVED: EHLO crm-bulk2.pub.infra-cph3.one.com"
"SMTPD"	984	63	"2022-08-16 05:16:46.329"	"185.164.13.136"	"SENT: 250-mx.acme.inc[nl]250 SIZE"
"SMTPD"	2800	63	"2022-08-16 05:16:46.376"	"185.164.13.136"	"RECEIVED: MAIL FROM:<salg@dk.one.com>"
"SMTPD"	2800	63	"2022-08-16 05:16:46.829"	"185.164.13.136"	"SENT: 250 OK"
"SMTPD"	984	63	"2022-08-16 05:16:46.844"	"185.164.13.136"	"RECEIVED: RCPT TO:<louise@acme.inc>"
"SMTPD"	984	63	"2022-08-16 05:16:46.860"	"185.164.13.136"	"SENT: 250 OK"
"SMTPD"	2800	63	"2022-08-16 05:16:46.876"	"185.164.13.136"	"RECEIVED: DATA"
"SMTPD"	2800	63	"2022-08-16 05:16:46.876"	"185.164.13.136"	"SENT: 354 OK, send."
"SMTPD"	3416	63	"2022-08-16 05:16:52.501"	"185.164.13.136"	"SENT: 250 Queued (5.248 seconds)"
"APPLICATION"	1852	"2022-08-16 05:16:52.501"	"SMTPDeliverer - Message 1318603: Delivering message from salg@dk.one.com to louise@acme.inc. File: C:\hMailServer\Data\{3C4B910B-5D9D-40BF-8261-B0897882854D}.eml"
"SMTPD"	1508	63	"2022-08-16 05:16:52.532"	"185.164.13.136"	"RECEIVED: QUIT"
"SMTPD"	1508	63	"2022-08-16 05:16:52.532"	"185.164.13.136"	"SENT: 221 goodbye"
"APPLICATION"	1852	"2022-08-16 05:16:52.595"	"SMTPDeliverer - Message 1318603: Message delivery thread completed."
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 13:25

I think i pretty much got rid of the winsock error 2 in *.49 (anyone running that? I can see it is downloaded)

Now remains (automated restarts of SA)

Code: Select all

"ERROR"	8436	"2022-08-16 11:53:50.809"	"Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from SpamAssassin but the connection to SpamAssassin was lost. The WinSock error code is 10054. Enable debug logging to retrieve more information regarding this problem. The problem could be that SpamAssassin is malfunctioning."
"ERROR"	5068	"2022-08-16 11:53:59.981"	"Severity: 2 (High), Code: HM5508, Source: SpamTestSpamAssassin::RunTest, Description: The SpamAssassin tests did not complete. Please confirm that the configuration (host name and port) is valid and that SpamAssassin is running."
Trying to create some retry mechanism, see: https://www.hmailserver.com/forum/viewt ... 94#p241694
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 13:49

@SorenR

Below code won't trigger boost::asio::error::eof when receive_binary_ (eg: SA), but still outputs boost::asio::error::eof errors for IMAP, SMTP and POP (i tried to maintain existing behavior/logging for those, although not sure if that is necessary?)

Code: Select all

   void 
   TCPConnection::AsyncReadCompleted(const boost::system::error_code& error, size_t bytes_transferred)
   {
      UpdateAutoLogoutTimer();

      if (error.value() != 0 && error.value() != boost::asio::error::eof)
      {
         if (connection_state_ != StateConnected)
         {
            // The read failed, but we've already started the disconnection. So we should not log the failure
            // or enqueue a new disconnect.
            return;
         }

         OnReadError(error.value());

         String message;
         message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
         ReportDebugMessage(message, error);

         if (error.value() == boost::asio::error::not_found)
         {
            // read buffer is full...
            OnExcessiveDataReceived();
         }

         EnqueueDisconnect();
      }
      else
      {
         if (receive_binary_)
         {
            std::shared_ptr<ByteBuffer> pBuffer = std::shared_ptr<ByteBuffer>(new ByteBuffer());
            pBuffer->Allocate(receive_buffer_.size());

            std::istream is(&receive_buffer_);
            is.read((char*)pBuffer->GetBuffer(), receive_buffer_.size());

            try
            {
               ParseData(pBuffer);
            }
            catch (DisconnectedException&)
            {
               throw;
            }
            catch (...)
            {
               String message;
               message.Format(_T("An error occured while parsing data. Data size: %d"), pBuffer->GetSize());

               ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

               throw;
            }
         }
         else
         {
            std::string s;
            std::istream is(&receive_buffer_);
            std::getline(is, s, '\r');

            // consume trailing \n on line.
            receive_buffer_.consume(1);

#ifdef _DEBUG
            String sDebugOutput;
            sDebugOutput.Format(_T("RECEIVED: %s\r\n"), String(s).c_str());
            OutputDebugString(sDebugOutput);
#endif
            if (error.value() == 0)
            {
               try
               {
                  ParseData(s);
               }
               catch (DisconnectedException&)
               {
                  throw;
               }
               catch (...)
               {
                  String message;
                  message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

                  ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

                  throw;
               }
            }
            else 
            {
               // display boost::asio::error::eof for SMTP, IMAP, POP
               if (connection_state_ != StateConnected)
               {
                  // The read failed, but we've already started the disconnection. So we should not log the failure
                  // or enqueue a new disconnect.
                  return;
               }

               OnReadError(error.value());

               String message;
               message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
               ReportDebugMessage(message, error);

               if (error.value() == boost::asio::error::not_found)
               {
                  // read buffer is full...
                  OnExcessiveDataReceived();
               }

               EnqueueDisconnect();
            }
         }
      }

      operation_queue_.Pop(IOOperation::BCTRead);
      ProcessOperationQueue_(0);
   }
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 15:06

RvdH wrote:
2022-08-16 13:49
@SorenR

Below code won't trigger boost::asio::error::eof when receive_binary_ (eg: SA), but still outputs boost::asio::error::eof errors for IMAP, SMTP and POP (i tried to maintain existing behavior/logging for those, although not sure if that is necessary?)

Code: Select all

   void 
   TCPConnection::AsyncReadCompleted(const boost::system::error_code& error, size_t bytes_transferred)
   {
      UpdateAutoLogoutTimer();

      if (error.value() != 0 && error.value() != boost::asio::error::eof)
      {
         if (connection_state_ != StateConnected)
         {
            // The read failed, but we've already started the disconnection. So we should not log the failure
            // or enqueue a new disconnect.
            return;
         }

         OnReadError(error.value());

         String message;
         message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
         ReportDebugMessage(message, error);

         if (error.value() == boost::asio::error::not_found)
         {
            // read buffer is full...
            OnExcessiveDataReceived();
         }

         EnqueueDisconnect();
      }
      else
      {
         if (receive_binary_)
         {
            std::shared_ptr<ByteBuffer> pBuffer = std::shared_ptr<ByteBuffer>(new ByteBuffer());
            pBuffer->Allocate(receive_buffer_.size());

            std::istream is(&receive_buffer_);
            is.read((char*)pBuffer->GetBuffer(), receive_buffer_.size());

            try
            {
               ParseData(pBuffer);
            }
            catch (DisconnectedException&)
            {
               throw;
            }
            catch (...)
            {
               String message;
               message.Format(_T("An error occured while parsing data. Data size: %d"), pBuffer->GetSize());

               ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

               throw;
            }
         }
         else
         {
            std::string s;
            std::istream is(&receive_buffer_);
            std::getline(is, s, '\r');

            // consume trailing \n on line.
            receive_buffer_.consume(1);

#ifdef _DEBUG
            String sDebugOutput;
            sDebugOutput.Format(_T("RECEIVED: %s\r\n"), String(s).c_str());
            OutputDebugString(sDebugOutput);
#endif
            if (error.value() == 0)
            {
               try
               {
                  ParseData(s);
               }
               catch (DisconnectedException&)
               {
                  throw;
               }
               catch (...)
               {
                  String message;
                  message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

                  ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

                  throw;
               }
            }
            else 
            {
               // display boost::asio::error::eof for SMTP, IMAP, POP
               if (connection_state_ != StateConnected)
               {
                  // The read failed, but we've already started the disconnection. So we should not log the failure
                  // or enqueue a new disconnect.
                  return;
               }

               OnReadError(error.value());

               String message;
               message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
               ReportDebugMessage(message, error);

               if (error.value() == boost::asio::error::not_found)
               {
                  // read buffer is full...
                  OnExcessiveDataReceived();
               }

               EnqueueDisconnect();
            }
         }
      }

      operation_queue_.Pop(IOOperation::BCTRead);
      ProcessOperationQueue_(0);
   }
Not sure it matters logically but I turned that entire "if" statement upside down. I still have not had any issues with SMTP, IMAP, POP3 or SA... That's why I'm logging.

Code: Select all

      if (!error || error == boost::asio::error::eof)
      {
         if (receive_binary_)
         {
               std::shared_ptr<ByteBuffer> pBuffer = std::shared_ptr<ByteBuffer>(new ByteBuffer());
            pBuffer->Allocate(receive_buffer_.size());

            std::istream is(&receive_buffer_);
            is.read((char*) pBuffer->GetBuffer(), receive_buffer_.size());

            try
            {
               ParseData(pBuffer);
            }
            catch (DisconnectedException&)
            {
               throw;
            }
            catch (...)
            {
               String message;
               message.Format(_T("An error occured while parsing data. Data size: %d"), pBuffer->GetSize());

               ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

               throw;
            }
         }
         else
         {
            std::string s;
            std::istream is(&receive_buffer_);
            std::getline(is, s, '\r');

            // consume trailing \n on line.
            receive_buffer_.consume(1);

      #ifdef _DEBUG
            String sDebugOutput;
            sDebugOutput.Format(_T("RECEIVED: %s\r\n"), String(s).c_str());
            OutputDebugString(sDebugOutput);
      #endif

            try
            {
               ParseData(s);
            }
            catch (DisconnectedException&)
            {
               throw;
            }
            catch (...)
            {
               String message;
               message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

               ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

               throw;
            }
         }
      }
      else
      {
         if (connection_state_ != StateConnected)
         {
            // The read failed, but we've already started the disconnection. So we should not log the failure
            // or enqueue a new disconnect.
            return;
         }

         OnReadError(error.value());

         String message;
         message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
         ReportDebugMessage(message, error);

         if (error.value() == boost::asio::error::not_found)
         {
            // read buffer is full...
            OnExcessiveDataReceived();
         }

         EnqueueDisconnect();
      }
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 15:27

SorenR wrote:
2022-08-16 15:06
Not sure it matters logically but I turned that entire "if" statement upside down. I still have not had any issues with SMTP, IMAP, POP3 or SA... That's why I'm logging.
i noticed :wink:

code/execution wise it is exactly the same, not? It is still if, else... end if
The only difference is i still output eof errors for SMTP, POP ad IMAP....which i think is a bit messy in your logs, but did that to keep current logging behavior
Last edited by RvdH on 2022-08-16 15:54, edited 1 time in total.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 15:53

RvdH wrote:
2022-08-16 15:27
SorenR wrote:
2022-08-16 15:06
Not sure it matters logically but I turned that entire "if" statement upside down. I still have not had any issues with SMTP, IMAP, POP3 or SA... That's why I'm logging.
i noticed :wink:

code/execution wise it is exactly the same, not?
The only difference is i still output eof errors for SMTP, POP ad IMAP....which i think is a bit messy in your logs, but did that to keep current logging behavior
Once this works my "unusual" logging is removed. I like to see what goes on without sifting through hundreds of DEBUG lines I can't use for anything.
I have had no ERROR lines so far - well execpt when I last restarted the server, it seems I killed some active processes and it complained about not being able to write a minidump :roll:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 16:08

Hmm... You tell me.

Code: Select all

if (error.value() != 0 && error.value() != boost::asio::error::eof)
{
    A
}
else
{
    B
}



if (!error || error == boost::asio::error::eof)
{
    B
}
else
{
    A
}
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 16:11

SorenR wrote:
2022-08-16 16:08
Hmm... You tell me.

Code: Select all

if (error.value() != 0 && error.value() != boost::asio::error::eof)
{
    A
}
else
{
    B
}



if (!error || error == boost::asio::error::eof)
{
    B
}
else
{
    A
}
If you see no difference there is no difference :lol:
What made you think it could make a difference?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 16:49

RvdH wrote:
2022-08-16 16:11
SorenR wrote:
2022-08-16 16:08
Hmm... You tell me.

Code: Select all

if (error.value() != 0 && error.value() != boost::asio::error::eof)
{
    A
}
else
{
    B
}



if (!error || error == boost::asio::error::eof)
{
    B
}
else
{
    A
}
If you see no difference there is no difference :lol:
What made you think it could make a difference?
It is easier to read :wink:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 17:10

I don't have this code... What does it do?

Code: Select all

            else 
            {
               // display boost::asio::error::eof for SMTP, IMAP, POP
               if (connection_state_ != StateConnected)
               {
                  // The read failed, but we've already started the disconnection. So we should not log the failure
                  // or enqueue a new disconnect.
                  return;
               }

               OnReadError(error.value());

               String message;
               message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
               ReportDebugMessage(message, error);

               if (error.value() == boost::asio::error::not_found)
               {
                  // read buffer is full...
                  OnExcessiveDataReceived();
               }

               EnqueueDisconnect();
            }
         }
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 17:16

Read the comment :?: :lol:

Code: Select all

// display boost::asio::error::eof for SMTP, IMAP, POP
Not that i did not mention that before... eg: your code doesn't show those anymore, but apparently martin put it there for a reason, see: https://github.com/hmailserver/hmailserver/issues/195
SorenR wrote:
2022-08-16 16:49
It is easier to read :wink:
Sure.
...whatever, it is literally the same code only in different order

Your code only is better if you do not display boost::asio::error::eof for SMTP, IMAP, POP, eg: BAD NULL COMMAND mentioned earlier in this topic
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 18:38

SorenR wrote:
2022-08-16 17:10
I don't have this code... What does it do?

Code: Select all

            else 
            {
               // display boost::asio::error::eof for SMTP, IMAP, POP
               if (connection_state_ != StateConnected)
               {
                  // The read failed, but we've already started the disconnection. So we should not log the failure
                  // or enqueue a new disconnect.
                  return;
               }

               OnReadError(error.value());

               String message;
               message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
               ReportDebugMessage(message, error);

               if (error.value() == boost::asio::error::not_found)
               {
                  // read buffer is full...
                  OnExcessiveDataReceived();
               }

               EnqueueDisconnect();
            }
         }
PS, this should not be there, eg: unreachable code as that would be catched on top

Code: Select all

               if (error.value() == boost::asio::error::not_found)
               {
                  // read buffer is full...
                  OnExcessiveDataReceived();
               }
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-16 18:51

RvdH wrote:
2022-08-16 17:16
Read the comment :?: :lol:

Code: Select all

// display boost::asio::error::eof for SMTP, IMAP, POP
Not that i did not mention that before... eg: your code doesn't show those anymore, but apparently martin put it there for a reason, see: https://github.com/hmailserver/hmailserver/issues/195
Check github, that code is not in the 5.6.9 repository.
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-16 18:58

Duh, really? I added it there (mentioned multiple times!) to be able to keep logging eof errors for SMTP, POP and IMAP :lol: :mrgreen:

Don't know what is wrong with the audience here...
People, please learn to read!
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 00:44

@SorenR,

I actually tried your code, it's spawning BAD NULL COMMAND...so maybe it doesn't produce errors, but that is not the way it should work

Code: Select all

"APPLICATION"	2856	"2022-08-17 00:40:13.503"	"boost::asio::error::eof ..."
"IMAPD"	2856	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	2856	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
"APPLICATION"	8176	"2022-08-17 00:40:13.518"	"boost::asio::error::eof ..."
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
"APPLICATION"	8176	"2022-08-17 00:40:13.518"	"boost::asio::error::eof ..."
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
"APPLICATION"	8176	"2022-08-17 00:40:13.518"	"boost::asio::error::eof ..."
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
to get rid of those do:

Code: Select all

            if (!error)
            {
               try
               {
                  ParseData(s);
               }
               catch (DisconnectedException&)
               {
                  throw;
               }
               catch (...)
               {
                  String message;
                  message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

                  ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

                  throw;
               }
            }
And that is exactly where my additional 'if, else' comes from :)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-17 01:06

RvdH wrote:
2022-08-17 00:44
@SorenR,

I actually tried your code, it's spawning BAD NULL COMMAND...so maybe it doesn't produce errors, but that is not the way it should work

Code: Select all

"APPLICATION"	2856	"2022-08-17 00:40:13.503"	"boost::asio::error::eof ..."
"IMAPD"	2856	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	2856	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
"APPLICATION"	8176	"2022-08-17 00:40:13.518"	"boost::asio::error::eof ..."
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
"APPLICATION"	8176	"2022-08-17 00:40:13.518"	"boost::asio::error::eof ..."
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
"APPLICATION"	8176	"2022-08-17 00:40:13.518"	"boost::asio::error::eof ..."
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"RECEIVED: "
"IMAPD"	8176	15	"2022-08-17 00:40:13.518"	"2a02:a45f:1079:1:1ca5:5d50:69eb:2ae8"	"SENT:  BAD NULL COMMAND"
to get rid of those do:

Code: Select all

            if (!error)
            {
               try
               {
                  ParseData(s);
               }
               catch (DisconnectedException&)
               {
                  throw;
               }
               catch (...)
               {
                  String message;
                  message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

                  ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

                  throw;
               }
            }
And that is exactly where my additional 'if, else' comes from :)
I have not seen one single "BAD NULL COMMAND" yet. What do you do to get them?
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 01:08

Enable IMAP logging :lol:

I (think) i have it only with my phone, gmail app and samsung mail app (android)
But it is not that strange if you think about it, you let eof errors thru, so IMAP gets eof commands, eg: BAD NULL COMMAND

[edit]
+ roundcube (sometimes)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-17 01:22

SorenR wrote:
2022-08-17 01:06

I have not seen one single "BAD NULL COMMAND" yet. What do you do to get them?
Oooooh .... My Android phone mail client can make them on 4G :roll:

Never tried that until now - I have pretty good WiFi coverage between my workshop, my house and my pool :mrgreen:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 01:26

SorenR wrote:
2022-08-17 01:22
SorenR wrote:
2022-08-17 01:06

I have not seen one single "BAD NULL COMMAND" yet. What do you do to get them?
Oooooh .... My Android phone mail client can make them on 4G :roll:

Never tried that until now - I have pretty good WiFi coverage between my workshop, my house and my pool :mrgreen:
4G, 5G, or WiFi...makes no difference

Outlook desktop app produces BAD NULL COMMAND's too, although (much) less frequent
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-17 01:58

RvdH wrote:
2022-08-17 01:26
SorenR wrote:
2022-08-17 01:22
SorenR wrote:
2022-08-17 01:06

I have not seen one single "BAD NULL COMMAND" yet. What do you do to get them?
Oooooh .... My Android phone mail client can make them on 4G :roll:

Never tried that until now - I have pretty good WiFi coverage between my workshop, my house and my pool :mrgreen:
4G, 5G, or WiFi...makes no difference

Outlook desktop app produces BAD NULL COMMAND's too, although (much) less frequent
OK, revised the code with Martin's changes and the BAD NULL COMMAND is gone. I use eM Client and my Roundcube 1.3.3 was clean too. :roll:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 08:58

SorenR wrote:
2022-08-17 01:58
OK, revised the code with Martin's changes and the BAD NULL COMMAND is gone. I use eM Client and my Roundcube 1.3.3 was clean too. :roll:
That is (still) no good, but i let you discover that on your own :lol:

I'll give you a hint, you don't like errors to be reported at all?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 11:56

RvdH wrote:
2022-08-17 08:58
SorenR wrote:
2022-08-17 01:58
OK, revised the code with Martin's changes and the BAD NULL COMMAND is gone. I use eM Client and my Roundcube 1.3.3 was clean too. :roll:
That is (still) no good, but i let you discover that on your own :lol:

I'll give you a hint, you don't like errors to be reported at all?
Previously you had:

Code: Select all

if (!error || error == boost::asio::error::eof)
{
	if (receive_binary_)
	{
		B1
	}
	else 
	{
		B2
	}
}
else
{
	A
}
And now:

Code: Select all

if (!error || error == boost::asio::error::eof)
{
	if (receive_binary_)
	{
		B1
	}
	else 
	{
		if (!error)
			B2.1
		else
			B2.2
	}
}
eg: You never trigger A
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-17 14:42

RvdH wrote:
2022-08-17 11:56

That is (still) no good, but i let you discover that on your own :lol:

I'll give you a hint, you don't like errors to be reported at all?
I've actually copied your code from above ... Is that still a problem then?

I came to the conclusion that I should maintain the order of the if..then..else for future updates :mrgreen:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 14:59

https://github.com/SorenRR/hmailserver/ ... #L571-L670

↑ Where is A?

With A ↓

Code: Select all

   void
   TCPConnection::AsyncReadCompleted(const boost::system::error_code& error, size_t bytes_transferred)
   {
      UpdateAutoLogoutTimer();

      if (error == boost::asio::error::eof)
         LOG_APPLICATION("boost::asio::error::eof ...");

      if (!error || error == boost::asio::error::eof)
      {
         if (receive_binary_)
         {
            std::shared_ptr<ByteBuffer> pBuffer = std::shared_ptr<ByteBuffer>(new ByteBuffer());
            pBuffer->Allocate(receive_buffer_.size());

            std::istream is(&receive_buffer_);
            is.read((char*)pBuffer->GetBuffer(), receive_buffer_.size());

            try
            {
               ParseData(pBuffer);
            }
            catch (DisconnectedException&)
            {
               throw;
            }
            catch (...)
            {
               String message;
               message.Format(_T("An error occured while parsing data. Data size: %d"), pBuffer->GetSize());

               ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

               throw;
            }
         }
         else
         {
            std::string s;
            std::istream is(&receive_buffer_);
            std::getline(is, s, '\r');

            // consume trailing \n on line.
            receive_buffer_.consume(1);

   #ifdef _DEBUG
            String sDebugOutput;
            sDebugOutput.Format(_T("RECEIVED: %s\r\n"), String(s).c_str());
            OutputDebugString(sDebugOutput);
   #endif
            if (!error)
            {
               try
               {
                  ParseData(s);
               }
               catch (DisconnectedException&)
               {
                  throw;
               }
               catch (...)
               {
                  String message;
                  message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

                  ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

                  throw;
               }
            }
            else
            {
               // display boost::asio::error::eof for SMTP, IMAP, POP
               if (connection_state_ != StateConnected)
               {
                  // The read failed, but we've already started the disconnection. So we should not log the failure
                  // or enqueue a new disconnect.
                  return;
               }

               OnReadError(error.value());

               String message;
               message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
               ReportDebugMessage(message, error);

               EnqueueDisconnect();
            }
         }
      }
      else
      {
         if (connection_state_ != StateConnected)
         {
            // The read failed, but we've already started the disconnection. So we should not log the failure
            // or enqueue a new disconnect.
            return;
         }

         OnReadError(error.value());

         String message;
         message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
         ReportDebugMessage(message, error);

         if (error.value() == boost::asio::error::not_found)
         {
            // read buffer is full...
            OnExcessiveDataReceived();
         }

         EnqueueDisconnect();
      }

      operation_queue_.Pop(IOOperation::BCTRead);
      ProcessOperationQueue_(0);
   }
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Some email bypass spamasssassin

Post by SorenR » 2022-08-17 15:04

RvdH wrote:
2022-08-17 14:59
https://github.com/SorenRR/hmailserver/ ... #L571-L670

↑ Where is A?

With A ↓

Code: Select all

   void
   TCPConnection::AsyncReadCompleted(const boost::system::error_code& error, size_t bytes_transferred)
   {
      UpdateAutoLogoutTimer();

      if (error == boost::asio::error::eof)
         LOG_APPLICATION("boost::asio::error::eof ...");

      if (!error || error == boost::asio::error::eof)
      {
         if (receive_binary_)
         {
            std::shared_ptr<ByteBuffer> pBuffer = std::shared_ptr<ByteBuffer>(new ByteBuffer());
            pBuffer->Allocate(receive_buffer_.size());

            std::istream is(&receive_buffer_);
            is.read((char*)pBuffer->GetBuffer(), receive_buffer_.size());

            try
            {
               ParseData(pBuffer);
            }
            catch (DisconnectedException&)
            {
               throw;
            }
            catch (...)
            {
               String message;
               message.Format(_T("An error occured while parsing data. Data size: %d"), pBuffer->GetSize());

               ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

               throw;
            }
         }
         else
         {
            std::string s;
            std::istream is(&receive_buffer_);
            std::getline(is, s, '\r');

            // consume trailing \n on line.
            receive_buffer_.consume(1);

   #ifdef _DEBUG
            String sDebugOutput;
            sDebugOutput.Format(_T("RECEIVED: %s\r\n"), String(s).c_str());
            OutputDebugString(sDebugOutput);
   #endif
            if (!error)
            {
               try
               {
                  ParseData(s);
               }
               catch (DisconnectedException&)
               {
                  throw;
               }
               catch (...)
               {
                  String message;
                  message.Format(_T("An error occured while parsing data. Data length: %d, Data: %s."), s.size(), String(s).c_str());

                  ReportError(ErrorManager::Medium, 5136, "TCPConnection::AsyncReadCompleted", message);

                  throw;
               }
            }
            else
            {
               // display boost::asio::error::eof for SMTP, IMAP, POP
               if (connection_state_ != StateConnected)
               {
                  // The read failed, but we've already started the disconnection. So we should not log the failure
                  // or enqueue a new disconnect.
                  return;
               }

               OnReadError(error.value());

               String message;
               message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
               ReportDebugMessage(message, error);

               EnqueueDisconnect();
            }
         }
      }
      else
      {
         if (connection_state_ != StateConnected)
         {
            // The read failed, but we've already started the disconnection. So we should not log the failure
            // or enqueue a new disconnect.
            return;
         }

         OnReadError(error.value());

         String message;
         message.Format(_T("The read operation failed. Bytes transferred: %d"), bytes_transferred);
         ReportDebugMessage(message, error);

         if (error.value() == boost::asio::error::not_found)
         {
            // read buffer is full...
            OnExcessiveDataReceived();
         }

         EnqueueDisconnect();
      }

      operation_queue_.Pop(IOOperation::BCTRead);
      ProcessOperationQueue_(0);
   }
https://github.com/SorenRR/hmailserver/ ... L476-#L596
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
RvdH
Senior user
Senior user
Posts: 2314
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Some email bypass spamasssassin

Post by RvdH » 2022-08-17 15:12

omg, copy & paste...now you reverted back to original order, Not? eg: not needed :shock:
It would be better if you understand what you are doing... :mrgreen:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

Post Reply