violating 822.bis section 2.3?

keeka

Well-Known Member
Dec 8, 2019
204
24
58
I've configured PMG to use a single relay (smarthost). I recently saw a rejected mail with the response:
Code:
552 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command)
I changed my mail client to use plaintext and the mail was accepted.

I guess this is a mail client issue. But I was wondering if rejecting mail based on the above is the norm.
 
Last edited:
  • Like
Reactions: keeka
552 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command)
hm - could you please share the logs where this line comes from?
smtp-smuggling was more related to bare LF and not bare CR (correct separator is CR LF).
bare CR seems disallowed for quite a longer period.

I don't think that this is a serious issue (or an issue at all) - but am curious.

Thanks!
 
The email concerned was an html quoted reply to an html email, to which I attached 2 PDFs. I tried several times to get it accepted. I am guessing it was something in the quoted html message or the way the mail client quoted that meesage? PMG accepted the message on each occassion, but the remote server only accepted it once I changed the mail client (kopano webclient) to plaintext. I understand it is not an issue with PMG but would like to understand.

Code:
2024-01-17T13:40:35.356307+00:00 smtp postfix/smtpd[44184]: connect from mail.local.lan[192.168.0.31]
2024-01-17T13:40:35.361539+00:00 smtp postfix/smtpd[44184]: Anonymous TLS connection established from mail.local.lan[192.168.0.31]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
2024-01-17T13:40:35.377367+00:00 smtp postfix/smtpd[44184]: 5C17161371: client=mail.local.lan[192.168.0.31]
2024-01-17T13:40:35.379126+00:00 smtp postfix/cleanup[44188]: 5C17161371: message-id=<kcEE.+EefRUcgQJyO6C4N6u/xYQ.gIt+v0pJ2gE@mail.local.lan>
2024-01-17T13:40:35.400029+00:00 smtp postfix/qmgr[374]: 5C17161371: from=<keeka@mydomain.com>, size=1095741, nrcpt=1 (queue active)
2024-01-17T13:40:35.400299+00:00 smtp postfix/smtpd[44184]: disconnect from mail.local.lan[192.168.0.31] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
2024-01-17T13:40:35.533500+00:00 smtp pmg-smtp-filter[39712]: 611FE65A7D8D378ABF: new mail message-id=<kcEE.+EefRUcgQJyO6C4N6u/xYQ.gIt+v0pJ2gE@mail.local.lan>#012
2024-01-17T13:40:40.102802+00:00 smtp postfix/smtpd[44193]: connect from localhost[127.0.0.1]
2024-01-17T13:40:40.104351+00:00 smtp postfix/smtpd[44193]: 19718612C6: client=localhost[127.0.0.1], orig_client=mail.local.lan[192.168.0.31]
2024-01-17T13:40:40.108042+00:00 smtp postfix/cleanup[44188]: 19718612C6: message-id=<kcEE.+EefRUcgQJyO6C4N6u/xYQ.gIt+v0pJ2gE@mail.local.lan>
2024-01-17T13:40:40.176257+00:00 smtp postfix/qmgr[374]: 19718612C6: from=<keeka@mydomain.com>, size=1095892, nrcpt=1 (queue active)
2024-01-17T13:40:40.176572+00:00 smtp pmg-smtp-filter[39712]: 611FE65A7D8D378ABF: accept mail to <user@external.com> (19718612C6) (rule: default-accept)
2024-01-17T13:40:40.178555+00:00 smtp postfix/smtpd[44193]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
2024-01-17T13:40:40.179293+00:00 smtp pmg-smtp-filter[39712]: 611FE65A7D8D378ABF: processing time: 4.665 seconds (0, 4.536, 0)
2024-01-17T13:40:40.179704+00:00 smtp postfix/lmtp[44189]: 5C17161371: to=<user@external.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=4.8, delays=0.03/0.05/0.05/4.7, dsn=2.5.0, status=sent (250 2.5.0 OK (611FE65A7D8D378ABF))
2024-01-17T13:40:40.180291+00:00 smtp postfix/qmgr[374]: 5C17161371: removed
2024-01-17T13:40:41.266815+00:00 smtp postfix/smtp[44194]: Trusted TLS connection established to relay.isp.net[123.123.123.123]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2024-01-17T13:40:42.386793+00:00 smtp postfix/smtp[44194]: 19718612C6: to=<user@external.com>, relay=relay.isp.net[123.123.123.123]:587, delay=2.3, delays=0.07/0.05/1.1/1.1, dsn=5.0.0, status=bounced (host relay.isp.net[123.123.123.123] said: 552 Message contains bare CR and is violating 822.bis section 2.3 (in reply to end of DATA command))
2024-01-17T13:40:42.389268+00:00 smtp postfix/qmgr[374]: 19718612C6: removed
 
Last edited:
then you'll likely have to take this up with the receiver's postmaster - maybe their server has a (potentially overly) strict policy in place..
 
then you'll likely have to take this up with the receiver's postmaster - maybe their server has a (potentially overly) strict policy in place..
I was not sure if it was related to the recent locking down of postfix (in PMG and third party servers).
The mail was accepted by PMG presumably because the same restriction aren't applied to the local smtpd port. Or at least not in my config!

I suspect it is caused by the way the mailclient quoted the message. I will have to work around that.
 
Hi, I am facing the same issue on my PVE. I have seen that some the mails are send correctly. For example the mails for the backup tasks are correct. But others raises this error reason: 552 5.2.0 Message contains bare LF and is violating 822.bis section 2.3.

Sending a test notification works as expected.
 
Last edited:
what kind of message? without more details it will be hard to find out what's going on..
 
what kind of message? without more details it will be hard to find out what's going on..
Hi Fabian,
thank you for the quick response.
You are absolutely right. Sorry, currently I didn't have the information what kind of message raises this error. As far as I got a new one I will post it here.
 
Last edited:
Hi Fabian,
thank you for the quick response.
You are absolutely right. Sorry, currently I didn't have the information what kind of message raises this error. As far as I got a new one I will post it here.
I have newly configured the Notification settings for SMTP. To check if everything is ok I configured a matcher to send all messages to the SMTP receiver. But until now there are no new message with that problem. Strange...
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!