Date: Thu, 18 Nov 1999 09:38:11 +0100 From: "James A Wilde" <iq-unlimited@telia.com> To: <freebsd-questions@freebsd.org> Subject: Re: Corruption of file attachments passing late BSD relayers Message-ID: <007a01bf31a0$40e6d020$8c0aa8c0@hk.tbv.se> References: <015a01bf30e8$1c8298d0$8c0aa8c0@hk.tbv.se> <86r9hpw3ay.fsf@localhost.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for your full and detailed reply, Giorgios. > At first, I would like to apologize for my lengthy posting. Now let = us > see what we can do for your problems :) No need to apologize. The original was also long. >=20 > > Problem description: > >=20 > > My employer company's new mail system comprises a Microsoft Exchange = server > > version 5.5 SP2 protected by a FreeBSD UNIX version 2.2.5 firewall.. >=20 > Your FreeBSD system is kind of old. Since on the www.freebsd.org = pages > I seem to have noticed that 2.2.8 was the first version of the > base-system to qualify as Y2K safe, you might consider upgrading to a > newer version. At least before Jan 1 2000 comes knocking on your = door. It was for just this reason that we built the new machine with v.3.1, = and we built a new machine in order to be able to test it before the old = one was taken out of service. >=20 > > The internal clients use > the FreeBSD machine as their smtp = server. > > The system has run very > satisfactorily for about a year and a = half. >=20 > You are using FreeBSD as the server's OS. But what are you using as > your smtp server or imap4 server software? This machine is used only for sending mail. As far as I can see we are = using the Firewall toolkits smtp-gw but I must admit I don't know = whether than uses sendmail or smap. Imap and Pop3 services run on the = Exchange server. >=20 > > About three weeks ago a new smtp server was installed outside the = firewall. > > This runs FreeBSD UNIX version 3.1. >=20 > What smtp server software are you using? Which version? Juniper smtpd and smtpfwdd version 2.0 >=20 > > Almost immediately reports began to come in of corrupted file > > attachments. Hitherto only Microsoft Word and Excel documents have > > been examined since these were readily available. >=20 > On a Windows platform there are lots of other binary formats you can = use=20 > for testing how your attachments work. The executables .exe and .dll > might be of some use, archives like .zip and/or .rar files was what I > would use next, etc. etc. endless binary formats. True, but the results are easier to see in a simple doc or xls file! >=20 > > The new smtp server was at first assumed to be the cause and was = taken > > out of the system, whereupon the level of reports reduced = drastically > > but did not disappear altogether. >=20 > Which means that the new server was not the real cause of the problem, > but somehow helped in making things even worse. ... or that the new server displayed on 100% of outgoing messages = behaviour which had hitherto only been shown by a small proportion of = them. >=20 > > Further investigation confirmed that the problem had not disappeared > > with the removal of the smtp server. Mail passing in one direction > > from an account with one local Internet service provider to our > > company Exchange server could be relied upon to corrupt file > > attachments provided the client program was configured for html > > format. >=20 >=20 > > Mail passing out from our Exchange server to the same account > > was apparently not affected. >=20 > When mail is sent from Exchange to the ISP server, the protocols > involved are (correct me if I'm wrong): >=20 > smtp smtp > Exchange ------> FreeBSD ------> ISP's smtp server I expressed myself badly here. Mail never goes from Exchange to the ISP = since FreeBSD is the smtp server. I should have said 'when mail is sent = from an internal client' So the picture is: smtp FreeBSD------------> ISP's smtp server >=20 > This means that the following programs work correctly (at least as > they're expected to work): >=20 > * Your Exchange smtp forwarder. It does, but from independent tests, not as part of standard procedure. > * The smtp listener of your FreeBSD, and it's smtp forwarder > (these are usually part of the same package). Correct > * The ISP's smtp listener. Correct >=20 > > Mail to and from accounts with two other major Internet service > > providers passed without corruption of the file attachments. >=20 > Assuming that you're using the same FreeBSD machine as above, the plan > now would be something like: Corrected: >=20 > smtp > FreeBSD <------> ISP's smtp server > : > : later on > imap4 : > Outlook <-------> FreeBSD >=20 > > File attachments to mail from our Exchange server back to our = Exchange > > server routed via the new smtp server were also corrupted in a > > reproducible manner. >=20 > The fact that your attachments are corrupted means that one of the > programs involved in this type of connection does not work as = expected. > Let's see what programs are involved: >=20 > * The ISP's smtp forwarder. Not known > * The FreeBSD's smtp listener. On the new FreeBSD machine this is Juniper smtpd and smtpfwdd > * The imap4 server on FreeBSD. The imap4 server is on Exchange not FreeBSD. * a fourth alternative is some function of the opsys on FreeBSD and = the ISPs machine >=20 > You can check if mail reaches the FreeBSD machine without being > corrupted by your ISP's smtp forwarder or the FreeBSD listener, by the > following simple process. Install some mail user agent on the FreeBSD > machine; well known such programs include Pine, Mutt, elm, etc. Then > (after making sure that imap4 server is not running) copy a mailbox = that=20 > contains some attachments to /tmp and restart imap4 server, so as not = to=20 > hinder the users trying to access their mail through imap4. Then open > the mailbox with a mail user agent in FreeBSD, and see if you can > extract the attached documents. Check with a non-corrupted copy of = the > documents to see if you managed to extract them correctly. This can = be > as simple as FTP'ing a copy of the documents, and using cmp(1) as in: >=20 > % cmp good.doc attached.doc ; echo $? >=20 > if that prints zero (0), then the attached document is fine. Can one not simply mail to an account on this machine? And can one not = draw the conclusion that, since the other (older) smtp machine, running = FreeBSD 2.2.5, receives corrupted files from the affected ISP and not = from the other ISPs that the corruption takes place at the ISP machine? Thanks again for making me critically examine what I have done to date = and trying to formulate a procedure for the next stage. mvh/regards James Wilde To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007a01bf31a0$40e6d020$8c0aa8c0>