IBM Support

LO42921: ENHANCEMENT REQUEST- SMTP TO VALIDATE FOR RFC822 AND RFC821 ADDR ESSES IN MIME HEADER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as Permanent restriction.

Error description

  • At present, there is no configurable feature to force the Domino
SMTP listener
task to check all addresses in the MIME header of an SMTP mail
to ensure that
the addresses have been correctly constructed. Domino accepts
messages
containing incorrectly constructed reply addresses. This is a
major problem
when a customer is being hit by SPAM. SPAM mails often have a
reply address
which is incorrectly constructed. When the SPAM is addressed to
a non-existant
user it will cause the Domino server to generate an NDR. However
when the Mail
From or Reply address is invalid then the router will go into a
loop trying to
process a mail to a non-existant user from a non-existant user
with an invalid
or no reply address.

There is a parameter called: "SMTPStrict821AddressSyntax=1"


I ran some tests with the Notes.ini parameter
"SMTPStrict821AddressSyntax=1".
When this parameter is enabled it does not accept SMTP messages
whose sender or
recipient address is in RFC822. For example:
If the Mail From: is "Michelle purcell"<mpurcell@ie.ibm.com>
then the SMTP
listener task generates a 501 Syntax error message.
If the Mail From is <mpurcell@ie.ibm.com> then this is accepted
OK. So only
RFC821 addresses are accepted.

The Company DTZ receives both RFC821 and RFC822 mails from
external senders.
Therefore this would not work for this customer.
They would like to see a more flexible parameter which checks
and allows for
both formats. This would then prevent messages containing
invalid (i.e. poorly
constructed email addresses through preventing further
complications of SPAM.

For Example:

The message is addressed to xyz@dtz.com. This is compliant with
RFC821. But the
return address of the sender(spammer) is
"<92134517DF67254AA47D10AB60600C420230EC0F@MAIL.clients.whiteine
t.com>"

It is received by their Mail Gateway which scans the mail.
(They cannot apply filters at the Gateway as they found that
this caused
genuine messages to get lost with little tracking or logging)

So when this SPAM mail addressed to xyz@dtz.com reaches the
domino server, it
generates a reply to the sender (delivery failure report).  ,
"<92134517DF67254AA47D10AB60600C420230EC0F@MAIL.clients.whiteine
t.com>" .
Since the return address is not valid it generates an error
during transfer
and  holds up the email queue.  The sender address is not RFC
compliant and the
router task eventually hangs after processing thousands of these
types of
mails. (the router issue is being troubleshooted separately...)

Local fix

  • Turn this feature on from the Relay Host/Gateway software (i.e.
MIMESWEEPER)
This is not the best workaround as you can have several
different domains
routing through the same gateway and this restricts all domains
as opposed to
the one that wants to have this validation which in this case is
the Domino
Domain.

Using the R6 feature to verify that the sender exists in the
domino directory
is also not a workaround applicable to this customer as they
have a smarthost
which connects to an exchange server and this would mean having
to set us
Directory assistance to allow non-domino users to receive SMTP
mail.

Using the config document options to restrict and verify the DNS
of the SMTP
connection will also not help as they are using a Relay host to
pass the
messages to the Domino SMTP server.

Problem summary

  • A programming error was found but will not be corrected. It will

Problem conclusion

  • A programming error was found but will not be corrected. It will

Temporary fix

  • 



Comments


    

  • This APAR is associated with SPR# MPUL649HHK.

    



APAR Information




    

  • APAR number
    LO42921
    • 

  • Reported component name
    NOTES CLIENT
    • 

  • Reported component ID
    5724E6255
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PRS
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2009-08-03
    • 

  • Closed date
    2009-08-14
    • 

  • Last modified date
    2009-08-14
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • NA

    



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSKTWP","label":"Lotus Notes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            14 August 2009
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback