552 5.2.0 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command))

Today, I spent half my day debugging an email error. I got a lot of bounces saying:

552 5.2.0 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command))

In the 20+ years I'm running mailservers, I had never heard of this error before. And Google couldn't make me much wiser either.

The mailserver generating the message was mxin5.ziggo.nl - the primary server for Dutch provider Ziggo. I could not figure out which MTA they are using, although the banner right after an EHLO looks like Sendmail. I downloaded the latest Sendmail sources, but this error message does not come from a vanilla Sendmail installation. Other software like FortiMail may be a Sendmail fork or mimic the Sendmail signatures. But of course we cannot examine their source code.

I did find some references that qmail may have problems with bare LFs. But those were with regards to LF (line feed), not CR (carriage return). Downloaded the source of qmail and netqmail to find that qmail was probably not the MTA used either.

Then I tried to trace my own postfix server. Let's see that the mail does indeed contain a bare CR. I did not believe there was a bare CR as I examined the sourcecode of the generating software. Tracing is a lot harder nowadays since starttls will prevent a simple tcpdump. As an alternative, I used postfix' header_checks to HOLD a suspected mail and sure enough, the software generating the message included a stray CR = hex char %0D = \r in a small percentage of outgoing mails. The generating software used an external data source which inserted the CR.

The bug generating the CR in the emails is years old, the mails were always accepted by Ziggo without any problem. My best guess is that Ziggo recently upgraded their mailserver and the new version now forbids the CR.

© GeekLabInfo 552 5.2.0 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command)) is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

Blocking .wwf attachments

Some idiotic german 'invented' a way to 'save trees'. By converting your attachments to .wwf format - a special .pdf format that blocks printing. While this may be a great feature to block printing of contracts etcetera if you're running a malicious company, most people simply don't want this.

So the big question is: How do I block .wwf files?

Postfix

In /etc/postfix/main.cf uncomment or add the following line
header_checks = pcre:/etc/postfix/header_checks

Then edit /etc/postfix/header_checks and add the following line:
/Content-Disposition: .*\.wwf"/ REJECT Please don't send .wwf files.

Exchange

Attachment blocking in exchange is usually performed by a virusscanner/spamfilter. You could use for example Trend Micro or GFI to block .wwf files.

Sendmail

Depending on your setup, you could use amavisd-new, mailscanner or procmail to block out .wwf files.

qmail

To block attachments with qmail, you'll need Simscan. Simscan is a simple program that enables the qmail smtpd service to reject viruses, spam, and block attachments during the SMTP conversation so the processing load on the email system is kept to a minimum. The project is open source and uses other open source components. Small, very efficient and written in C. © GeekLabInfo
Blocking .wwf attachments is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...