“a ton of these type of messagizzles”

  2005-09-15


The following e-mail just dropped into my inbox via the clamsmtp-users mailing list: (I italicized the best bits for you)

Hey dudens!

I had a problem with this thing that I’ve fixed myself and now I am going to do the gracious thing and give back to those who have given me so much for so little for a change!

Given my experience with viruses (I am the fellow who identified with W32.ssl.B virus last year that probably saved people countless billions of dollars in down time) I decided that now would be a good time to get some anti-virus going at the bank that I work for! So I set out to find some free thingy that would do what I need for free so that way I don’t have to pay somebody for something and I can get away with it without them noser sons of bizatcheez from the SPA poking their beaks into my business! LLOSLLS!!!

So, I was using the ClamSTMP here on a BSD to our Exchange 2000 server. I noticed that about 4 out of 5 emails (or more) were getting lost somewhere in the bit bucket. I put a clamspmtd into snooper mode and noticed a ton of these type of messagizzles popping onto my box’s scope:

clamsmtpd: 100013: CLIENT: network read operation timed out

So what the hecker?!! So I went to the toilet and after a bit of staring at my log I thought that these connections that were timing out were always connections that, instead of the DATA command, were using some goofballing proprietary Exchange extension to the SMTP command set! Score one for Microstof for scooping our their shorts and tossing it our way:

clamsmtpd: 100013: CLIENT < XEXCH50 1912 2
clamsmtpd: 100013: SERVER > XEXCH50 1912 2
clamsmtpd: 100013: SERVER < 354 Send binary data
clamsmtpd: 100013: CLIENT > 354 Send binary data

I also saw this after the EHLO command to list capabilities:

clamsmtpd: 100013: SERVER < 250-XEXCH50
clamsmtpd: 100013: CLIENT > 250-XEXCH50

So, I modified smtppass.c (I am not a C programmer at all, but I did manage to make this fat lady sing like the crazy tart she really is just ask the CEO here at the bank because shes good at making them women sing like daisies if you catch my wind). And here is my diff so you can cut and paste into your own code to solve this glaring, overlooked problem:

112a113

#define ESMTP_XEXCH50 “XEXCH50”
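
Review bot: The string literal in the added #define ESMTP_XEXCH50 line is wrapped in typographic quotes as posted, which a C compiler will not accept as a string; it needs plain ASCII double quotes. The added line also lacks the "> " prefix that a normal-format hunk such as 112a113 carries, so the patch will not apply as pasted. Resending it as a unified diff (diff -u) would fix that and show the neighbouring defines.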

1043a1045

is_first_word(p, ESMTP_XEXCH50, KL(ESMTP_XEXCH50)) ||
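
Review bot: With no context lines around 1043a1045, it is not visible which condition the new is_first_word(p, ESMTP_XEXCH50, KL(ESMTP_XEXCH50)) || term joins, so a reader cannot confirm from the patch that it lands in the capability filter rather than in another check. A unified diff with context would settle that, and a short comment at that spot saying why the extension is hidden from clients would help whoever maintains the list next.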

This adds XEXCH50 to the list of filtered commands! After doing this, the sending MTA’s never use XEXCH50 as it is not listed as a capability for your proxied Exchange server and so they will use the standard goodie DATA command instead!

So you can all thank me now for this patch. I am sure a lot of you folks out there were having this problem and I am glad you are appreciative even if you will never admit it!

P.S. Check out my bloglog http://www.bilano.biz/ and you can read about the W32.ssl.b virus! It is very good…

——–

Mr. Billy B. Bilano, MSCE, CCNA

http://www.bilano.biz/

Expert Sysadmin Since 2003!

‘C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL’ — RMS

And no, Mr. Billy “Expert Sysadmin Since 2003” B. Bilano, I do not catch your wind.

PS – Nate Nielsen, the developer of clamsmtp, was very professional in his response and it looks like this code will be integrated into the next release.
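
What the patch in the e-mail achieves is hiding XEXCH50 from the proxied server's EHLO reply so that senders fall back to DATA. Here is that behaviour as an added example, which is not clamsmtp's code and not from the original post. The names `filter_ehlo` and `blocked` are this example's own. It also covers the case where the hidden keyword sits on the final `250 ` line, so the reply stays correctly terminated.

```c
#include <ctype.h>
#include <string.h>

/* Example code. Keywords hidden from clients; only XEXCH50 is from the page. */
static const char *const blocked[] = { "XEXCH50" };

/* Case-insensitive whole-keyword match of kw[0..n) against the list. */
static int is_blocked(const char *kw, size_t n)
{
    for (size_t i = 0; i < sizeof blocked / sizeof *blocked; i++) {
        size_t j = 0;
        while (j < n && toupper((unsigned char)kw[j]) == blocked[i][j])
            j++;
        if (j == n && blocked[i][j] == '\0')
            return 1;
    }
    return 0;
}

/* Copy a CRLF-separated "250" EHLO reply from in to out without the blocked
 * lines. Returns lines dropped, or -1 if malformed or out is too small. */
int filter_ehlo(const char *in, char *out, size_t outsz)
{
    size_t used = 0, last = 0;
    int dropped = 0, first = 1;
    if (outsz == 0)
        return -1;
    for (; *in; first = 0) {
        const char *eol = strstr(in, "\r\n");
        size_t len = eol ? (size_t)(eol - in) + 2 : strlen(in);
        if (len < 4 || strncmp(in, "250", 3) || (in[3] != '-' && in[3] != ' '))
            return -1;
        /* The first line is the server greeting, never a capability. */
        if (!first && is_blocked(in + 4, strcspn(in + 4, " \r\n"))) {
            dropped++;
        } else {
            if (used + len + 1 > outsz)
                return -1;
            memcpy(out + used, in, len);
            out[used + 3] = '-';   /* provisionally a continuation line */
            last = used;
            used += len;
        }
        in += len;
    }
    if (used)
        out[last + 3] = ' ';       /* last kept line terminates the reply */
    out[used] = '\0';
    return dropped;
}
```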