[Mimedefang] Received headers in general

kd6lvw at yahoo.com kd6lvw at yahoo.com
Tue May 22 14:42:39 EDT 2012


--- On Tue, 5/22/12, George Roberts <groberts at purity.net> wrote:
> > Exchange uses SMTP but generates a syntactically incorrect header.  Similarly
> > with Google's gmail (it often omits the "from" clause when required),
> > Yahoo's use of an unregistered protocol ("with NNFMP"*), qmail, and of late,
> > exim.
> 
> Do you also then block mail from Gmail, Yahoo, qmail and
> exim if their Received lines are incorrectly formatted?

Yes.  I reject ALL messages with incorrectly formatted Received lines.

Note that as long as there's no "with" clause, a syntactically correct line consists of some random text, a semicolon, and a date stamp.  If a "with" clause is present, its protocol is checked against a list which consists of the valid types listed by the IANA, plus this regex: "(HT|NN)TPS?A?".  If it does not match, it is rejected.  If it matches "(D|E|UTF8)?(L|S)MTP8?S?A?", then "from" and "by" are required, "via" (if present) is checked for an atom, and the "id" and "for" fields (if present) are also checked for validity.  The rejection message cites the section of the RFC which the message violates.  Over 90% of the messages so rejected are clearly spam (i.e. sent to a spamtrap mailbox) or have other problems.  Since messages often have multiple received headers, the bad header is displayed at the end of the rejection line after a colon.

For example, here is the sendmail rule rejecting a bogus "with" protocol:

R$* with $- $*        $#error $@ 5.5.2 $: "554 Received header unknown WITH protocol \"" $2 "\" (see http://www.iana.org/assignments/mail-parameters):" $&{currHeader}

Rules checking valid protocols appear before this rule.

As RFC 5321 indicates that the syntax for "Received:" headers is required for SMTP-transmitted messages (section 4.4), I have every right to reject any message via SMTP (or that claims such by including "with SMTP") that does not match the given syntax as a malformed message -- and I do so.

The procedure of checking the "with" clause against various protocols (SMTP or not, or not present) is consistent with RFC 5321 Section 3.7.2's requirement not to reject non-SMTP environment generated received headers on the grounds of not meeting the SMTP required syntax for that header class.  RFC 5322's received header syntax (section 3.6.7) requires the semicolon and date stamp for ALL messages (SMTP or not) transmitted on the Internet, so any message with a received header lacking a semicolon or valid date stamp is also subject to rejection as a malformed message regardless of how it was injected or transmitted. 
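
The checks described in this message, written out in Python as an added example; it is not part of the original post and is not the poster's sendmail ruleset. The function names, the `IANA_EXTRA` stand-in for the rest of the IANA list, the clause patterns, and the use of `email.utils` for the date stamp (more lenient than the RFC 5322 grammar) are assumptions.

```python
import re
from email.utils import parsedate_to_datetime

# The two "with" protocol patterns quoted in the post, matched case-insensitively.
SMTP_FAMILY = re.compile(r"(D|E|UTF8)?(L|S)MTP8?S?A?", re.I)
OTHER_OK = re.compile(r"(HT|NN)TPS?A?", re.I)
IANA_EXTRA = {"MMS"}  # assumption: stand-in for the rest of the IANA list
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
# Assumption: approximations of the RFC 5321 grammar for the optional clauses.
CLAUSE_RE = {
    "via": re.compile(ATOM),
    "id": re.compile(ATOM + r"|<[^<>\s]+>"),
    "for": re.compile(r"<?[^<>@\s]+@[^<>@\s]+>?"),
}
KEYWORDS = {"from", "by", "via", "with", "id", "for"}

def strip_comments(text):
    while re.search(r"\([^()]*\)", text):  # innermost first, so nesting works
        text = re.sub(r"\([^()]*\)", " ", text)
    return text

def check_received(value):
    """Return (accepted, reason) for one unfolded Received header body."""
    head, semi, stamp = strip_comments(value).rpartition(";")
    if not semi:
        return False, "no semicolon before date stamp (RFC 5322 3.6.7)"
    try:
        parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return False, "invalid date stamp (RFC 5322 3.6.7)"
    clauses = {}
    tokens = head.split()
    for key, val in zip(tokens, tokens[1:]):  # keyword followed by its value
        if key.lower() in KEYWORDS:
            clauses.setdefault(key.lower(), val)
    proto = clauses.get("with")
    if proto is None:
        return True, "no with clause"
    smtp = SMTP_FAMILY.fullmatch(proto)
    if not (smtp or OTHER_OK.fullmatch(proto) or proto.upper() in IANA_EXTRA):
        return False, f'unknown WITH protocol "{proto}"'
    if smtp:  # SMTP-family headers must carry "from" and "by"
        for key in ("from", "by"):
            if key not in clauses:
                return False, f'SMTP-family header lacks "{key}" (RFC 5321 4.4)'
        for key, rx in CLAUSE_RE.items():
            if key in clauses and not rx.fullmatch(clauses[key]):
                return False, f'malformed "{key}" clause (RFC 5321 4.4)'
    return True, "ok"
```
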