From owner-freebsd-questions Thu Nov 18 0:36:32 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mailf.telia.com (mailf.telia.com [194.22.194.25]) by hub.freebsd.org (Postfix) with ESMTP id 7A7BD14E65 for ; Thu, 18 Nov 1999 00:36:25 -0800 (PST) (envelope-from iq-unlimited@telia.com) Received: from tbvhks12 (t3o72p118.telia.com [62.20.151.118]) by mailf.telia.com (8.9.3/8.9.3) with SMTP id JAA06943 for ; Thu, 18 Nov 1999 09:36:23 +0100 (CET) Message-ID: <007a01bf31a0$40e6d020$8c0aa8c0@hk.tbv.se> From: "James A Wilde" To: References: <015a01bf30e8$1c8298d0$8c0aa8c0@hk.tbv.se> <86r9hpw3ay.fsf@localhost.hell.gr> Subject: Re: Corruption of file attachments passing late BSD relayers Date: Thu, 18 Nov 1999 09:38:11 +0100 Organization: IQ Unlimited MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thanks for your full and detailed reply, Giorgios. > At first, I would like to apologize for my lengthy posting. Now let = us > see what we can do for your problems :) No need to apologize. The original was also long. >=20 > > Problem description: > >=20 > > My employer company's new mail system comprises a Microsoft Exchange = server > > version 5.5 SP2 protected by a FreeBSD UNIX version 2.2.5 firewall.. >=20 > Your FreeBSD system is kind of old. Since on the www.freebsd.org = pages > I seem to have noticed that 2.2.8 was the first version of the > base-system to qualify as Y2K safe, you might consider upgrading to a > newer version. At least before Jan 1 2000 comes knocking on your = door. It was for just this reason that we built the new machine with v.3.1, = and we built a new machine in order to be able to test it before the old = one was taken out of service. >=20 > > The internal clients use > the FreeBSD machine as their smtp = server. > > The system has run very > satisfactorily for about a year and a = half. >=20 > You are using FreeBSD as the server's OS. But what are you using as > your smtp server or imap4 server software? This machine is used only for sending mail. As far as I can see we are = using the Firewall toolkits smtp-gw but I must admit I don't know = whether than uses sendmail or smap. Imap and Pop3 services run on the = Exchange server. >=20 > > About three weeks ago a new smtp server was installed outside the = firewall. > > This runs FreeBSD UNIX version 3.1. >=20 > What smtp server software are you using? Which version? Juniper smtpd and smtpfwdd version 2.0 >=20 > > Almost immediately reports began to come in of corrupted file > > attachments. Hitherto only Microsoft Word and Excel documents have > > been examined since these were readily available. >=20 > On a Windows platform there are lots of other binary formats you can = use=20 > for testing how your attachments work. The executables .exe and .dll > might be of some use, archives like .zip and/or .rar files was what I > would use next, etc. etc. endless binary formats. True, but the results are easier to see in a simple doc or xls file! >=20 > > The new smtp server was at first assumed to be the cause and was = taken > > out of the system, whereupon the level of reports reduced = drastically > > but did not disappear altogether. >=20 > Which means that the new server was not the real cause of the problem, > but somehow helped in making things even worse. ... or that the new server displayed on 100% of outgoing messages = behaviour which had hitherto only been shown by a small proportion of = them. >=20 > > Further investigation confirmed that the problem had not disappeared > > with the removal of the smtp server. Mail passing in one direction > > from an account with one local Internet service provider to our > > company Exchange server could be relied upon to corrupt file > > attachments provided the client program was configured for html > > format. >=20 >=20 > > Mail passing out from our Exchange server to the same account > > was apparently not affected. >=20 > When mail is sent from Exchange to the ISP server, the protocols > involved are (correct me if I'm wrong): >=20 > smtp smtp > Exchange ------> FreeBSD ------> ISP's smtp server I expressed myself badly here. Mail never goes from Exchange to the ISP = since FreeBSD is the smtp server. I should have said 'when mail is sent = from an internal client' So the picture is: smtp FreeBSD------------> ISP's smtp server >=20 > This means that the following programs work correctly (at least as > they're expected to work): >=20 > * Your Exchange smtp forwarder. It does, but from independent tests, not as part of standard procedure. > * The smtp listener of your FreeBSD, and it's smtp forwarder > (these are usually part of the same package). Correct > * The ISP's smtp listener. Correct >=20 > > Mail to and from accounts with two other major Internet service > > providers passed without corruption of the file attachments. >=20 > Assuming that you're using the same FreeBSD machine as above, the plan > now would be something like: Corrected: >=20 > smtp > FreeBSD <------> ISP's smtp server > : > : later on > imap4 : > Outlook <-------> FreeBSD >=20 > > File attachments to mail from our Exchange server back to our = Exchange > > server routed via the new smtp server were also corrupted in a > > reproducible manner. >=20 > The fact that your attachments are corrupted means that one of the > programs involved in this type of connection does not work as = expected. > Let's see what programs are involved: >=20 > * The ISP's smtp forwarder. Not known > * The FreeBSD's smtp listener. On the new FreeBSD machine this is Juniper smtpd and smtpfwdd > * The imap4 server on FreeBSD. The imap4 server is on Exchange not FreeBSD. * a fourth alternative is some function of the opsys on FreeBSD and = the ISPs machine >=20 > You can check if mail reaches the FreeBSD machine without being > corrupted by your ISP's smtp forwarder or the FreeBSD listener, by the > following simple process. Install some mail user agent on the FreeBSD > machine; well known such programs include Pine, Mutt, elm, etc. Then > (after making sure that imap4 server is not running) copy a mailbox = that=20 > contains some attachments to /tmp and restart imap4 server, so as not = to=20 > hinder the users trying to access their mail through imap4. Then open > the mailbox with a mail user agent in FreeBSD, and see if you can > extract the attached documents. Check with a non-corrupted copy of = the > documents to see if you managed to extract them correctly. This can = be > as simple as FTP'ing a copy of the documents, and using cmp(1) as in: >=20 > % cmp good.doc attached.doc ; echo $? >=20 > if that prints zero (0), then the attached document is fine. Can one not simply mail to an account on this machine? And can one not = draw the conclusion that, since the other (older) smtp machine, running = FreeBSD 2.2.5, receives corrupted files from the affected ISP and not = from the other ISPs that the corruption takes place at the ISP machine? Thanks again for making me critically examine what I have done to date = and trying to formulate a procedure for the next stage. mvh/regards James Wilde To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message