Date: Thu, 18 Nov 1999 09:38:11 +0100 From: "James A Wilde" <iq-unlimited@telia.com> To: <freebsd-questions@freebsd.org> Subject: Re: Corruption of file attachments passing late BSD relayers Message-ID: <007a01bf31a0$40e6d020$8c0aa8c0@hk.tbv.se> References: <015a01bf30e8$1c8298d0$8c0aa8c0@hk.tbv.se> <86r9hpw3ay.fsf@localhost.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for your full and detailed reply, Giorgios.
> At first, I would like to apologize for my lengthy posting. Now let us
> see what we can do for your problems :)
No need to apologize. The original was also long.
>
> > Problem description:
> >
> > My employer company's new mail system comprises a Microsoft Exchange server
> > version 5.5 SP2 protected by a FreeBSD UNIX version 2.2.5 firewall..
>
> Your FreeBSD system is kind of old. Since on the www.freebsd.org pages
> I seem to have noticed that 2.2.8 was the first version of the
> base-system to qualify as Y2K safe, you might consider upgrading to a
> newer version. At least before Jan 1 2000 comes knocking on your door.
It was for just this reason that we built the new machine with v.3.1, and we built a new machine in order to be able to test it before the old one was taken out of service.
>
> > The internal clients use > the FreeBSD machine as their smtp server.
> > The system has run very > satisfactorily for about a year and a half.
>
> You are using FreeBSD as the server's OS. But what are you using as
> your smtp server or imap4 server software?
This machine is used only for sending mail. As far as I can see we are using the Firewall toolkits smtp-gw but I must admit I don't know whether than uses sendmail or smap. Imap and Pop3 services run on the Exchange server.
>
> > About three weeks ago a new smtp server was installed outside the firewall.
> > This runs FreeBSD UNIX version 3.1.
>
> What smtp server software are you using? Which version?
Juniper smtpd and smtpfwdd version 2.0
>
> > Almost immediately reports began to come in of corrupted file
> > attachments. Hitherto only Microsoft Word and Excel documents have
> > been examined since these were readily available.
>
> On a Windows platform there are lots of other binary formats you can use
> for testing how your attachments work. The executables .exe and .dll
> might be of some use, archives like .zip and/or .rar files was what I
> would use next, etc. etc. endless binary formats.
True, but the results are easier to see in a simple doc or xls file!
>
> > The new smtp server was at first assumed to be the cause and was taken
> > out of the system, whereupon the level of reports reduced drastically
> > but did not disappear altogether.
>
> Which means that the new server was not the real cause of the problem,
> but somehow helped in making things even worse.
... or that the new server displayed on 100% of outgoing messages behaviour which had hitherto only been shown by a small proportion of them.
>
> > Further investigation confirmed that the problem had not disappeared
> > with the removal of the smtp server. Mail passing in one direction
> > from an account with one local Internet service provider to our
> > company Exchange server could be relied upon to corrupt file
> > attachments provided the client program was configured for html
> > format.
>
>
> > Mail passing out from our Exchange server to the same account
> > was apparently not affected.
>
> When mail is sent from Exchange to the ISP server, the protocols
> involved are (correct me if I'm wrong):
>
> smtp smtp
> Exchange ------> FreeBSD ------> ISP's smtp server
I expressed myself badly here. Mail never goes from Exchange to the ISP since FreeBSD is the smtp server. I should have said 'when mail is sent from an internal client' So the picture is:
smtp
FreeBSD------------> ISP's smtp server
>
> This means that the following programs work correctly (at least as
> they're expected to work):
>
> * Your Exchange smtp forwarder.
It does, but from independent tests, not as part of standard procedure.
> * The smtp listener of your FreeBSD, and it's smtp forwarder
> (these are usually part of the same package).
Correct
> * The ISP's smtp listener.
Correct
>
> > Mail to and from accounts with two other major Internet service
> > providers passed without corruption of the file attachments.
>
> Assuming that you're using the same FreeBSD machine as above, the plan
> now would be something like:
Corrected:
>
> smtp
> FreeBSD <------> ISP's smtp server
> :
> : later on
> imap4 :
> Outlook <-------> FreeBSD
>
> > File attachments to mail from our Exchange server back to our Exchange
> > server routed via the new smtp server were also corrupted in a
> > reproducible manner.
>
> The fact that your attachments are corrupted means that one of the
> programs involved in this type of connection does not work as expected.
> Let's see what programs are involved:
>
> * The ISP's smtp forwarder.
Not known
> * The FreeBSD's smtp listener.
On the new FreeBSD machine this is Juniper smtpd and smtpfwdd
> * The imap4 server on FreeBSD.
The imap4 server is on Exchange not FreeBSD.
* a fourth alternative is some function of the opsys on FreeBSD and the ISPs machine
>
> You can check if mail reaches the FreeBSD machine without being
> corrupted by your ISP's smtp forwarder or the FreeBSD listener, by the
> following simple process. Install some mail user agent on the FreeBSD
> machine; well known such programs include Pine, Mutt, elm, etc. Then
> (after making sure that imap4 server is not running) copy a mailbox that
> contains some attachments to /tmp and restart imap4 server, so as not to
> hinder the users trying to access their mail through imap4. Then open
> the mailbox with a mail user agent in FreeBSD, and see if you can
> extract the attached documents. Check with a non-corrupted copy of the
> documents to see if you managed to extract them correctly. This can be
> as simple as FTP'ing a copy of the documents, and using cmp(1) as in:
>
> % cmp good.doc attached.doc ; echo $?
>
> if that prints zero (0), then the attached document is fine.
Can one not simply mail to an account on this machine? And can one not draw the conclusion that, since the other (older) smtp machine, running FreeBSD 2.2.5, receives corrupted files from the affected ISP and not from the other ISPs that the corruption takes place at the ISP machine?
Thanks again for making me critically examine what I have done to date and trying to formulate a procedure for the next stage.
mvh/regards
James Wilde
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007a01bf31a0$40e6d020$8c0aa8c0>