更新

tag-icon tag-icon exim
更新

每当我使用 AUTH LOGIN 身份验证时,我的 exim4 vis 都会导致发送电子邮件时出现段错误。然而,使用 AUTH PLAIN 发送电子邮件的效果非常好。两种身份验证方法都连接到 Dovecot 身份验证器。

Exim4信息:

Exim version 4.92 #3 built 09-Sep-2021 16:25:33
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR PROXY SOCKS SPF TCP_Fast_Open Experimental_ARC Experimental_DCC Experimental_DMARC Experimental_DSN_info
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated

这是段错误消息:

Sep 13 12:57:36 tornavacas kernel: exim4[12679]: segfault at 0 ip 00007fdd2d854206 sp 00007ffe23909ac8 error 4 in libc-2.28.so[7fdd2d7de000+148000]
Sep 13 12:57:36 tornavacas kernel: Code: 0f 1f 40 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a <f3> 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83

这是 strace 输出的最后几行:

[pid 16595] munmap(0x7f5e7f800000, 2097152) = 0
[pid 16595] munmap(0x7f5e7df65000, 331776) = 0
[pid 16595] munmap(0x7f5e7fb1a000, 135168) = 0
[pid 16595] exit_group(1)               = ?
[pid 16595] +++ exited with 1 +++
[pid 16592] <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 16595
[pid 16592] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16595, si_uid=106, si_status=1, si_utime=2, si_stime=1} ---
[pid 16592] alarm(0)                    = 30
[pid 16592] rt_sigaction(SIGCHLD, {sa_handler=SIG_IGN, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f5c6ba6b840}, {sa_handler=SIG_DFL, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f5c6ba6b840}, 8) = 0
[pid 16592] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 16592] +++ killed by SIGSEGV +++
<... select resumed> )                  = ? ERESTARTNOHAND (To be restarted if no handler)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=16592, si_uid=106, si_status=SIGSEGV, si_utime=0, si_stime=1} ---
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f5c6bc07730}, NULL, 8) = 0
rt_sigreturn({mask=[]})                 = -1 EINTR (Interrupted system call)
wait4(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSEGV}], WNOHANG, NULL) = 16592
wait4(-1, 0x7fff60755674, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigaction(SIGCHLD, {sa_handler=0x55cf02123500, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f5c6bc07730}, NULL, 8) = 0
select(11, [3 4 5 6 7 8 9 10], NULL, NULL, NULL

这是我重现问题的方法:

#!/usr/bin/expect

set timeout 30
proc abort {} { exit 2 }

spawn nc tornavacas.domain.com 587
expect default abort "220 "
send "EHLO mypc\r"
expect default abort "\n250 "
send "AUTH LOGIN\r"
expect default abort "\n334 "
send "ZGlzZ3Vpc2VkQGRvbWFpbi5jb20=\r"
expect default abort "\n334 "
send "cGFzc3dvcmQ=\r"
send "MAIL FROM:[email protected]\r"
expect default abort "\n250 "
send "RCPT TO:[email protected]\r"
expect default abort "\n250 "
send "DATA\r"
expect default abort "\n354 "
send "Subject: Mensaje de prueba de Microsoft Outlook\r"
send "\r"
send "This is a multipart message in MIME format.\r"
send ".\r"
expect default abort "\n250 "
send "QUIT\r"

执行此脚本时,我得到以下输出:

../..
DATA
354 Enter message, ending with "." on a line by itself
Subject: Mensaje de prueba de Microsoft Outlook

This is a multipart message in MIME format.
.

尽管如此,如果我使用 AUTH PLAIN 发送相同的消息,它会起作用:

#!/usr/bin/expect

set timeout 30
proc abort {} { exit 2 }

spawn nc tornavacas.domain.com 587
expect default abort "220 "
send "EHLO mypc\r"
expect default abort "\n250 "
send "AUTH PLAIN AGRpc2d1aXNlZEBkb21haW4uY29tAHBhc3N3b3Jk\r"
expect default abort "\n235 "
send "MAIL FROM:[email protected]\r"
expect default abort "\n250 "
send "RCPT TO:[email protected]\r"
expect default abort "\n250 "
send "DATA\r"
expect default abort "\n354 "
send "Subject: Mensaje de prueba de Microsoft Outlook\r"
send "\r"
send "This is a multipart message in MIME format.\r"
send ".\r"
expect default abort "\n250 "
send "QUIT\r"

上述命令的输出如下:

DATA
354 Enter message, ending with "." on a line by itself
Subject: Mensaje de prueba de Microsoft Outlook

This is a multipart message in MIME format.
.
250 OK id=1mPk9v-0004O2-Bp

正如您所看到的,现在电子邮件服务器回复了 250 代码,而之前它根本没有回复,因为它死了。

问题是身份验证在这两种情况下都有效,但是当用户使用 LOGIN 方法而不是 PLAIN 方法对自己进行身份验证时,情况会发生变化。

我想支持这两种方法。您知道使用 AUTH LOGIN 后出现段错误的原因是什么吗?

更新

我进行了更多调查,发现问题的原因在于 check_data ACL,特别是在以下代码片段中:

  warn add_header = :at_start: ${authresults {$primary_hostname}}

理论上,该行应该只向电子邮件添加带有 authresults 扩展项的标头。然而,在注释掉它时,段错误并没有发生,而如果警告指令处于活动状态,则会发生段错误。

温暖的问候,

答案1

我发现问题的原因在于 check_data ACL,特别是在以下代码片段中:

warn add_header = :at_start: ${authresults {$primary_hostname}}

理论上,该行应该只向电子邮件添加带有 authresults 扩展项的标头。然而,在注释掉它时,段错误并没有发生,而如果警告指令处于活动状态,则会发生段错误。

相关内容