ntopng icon indicating copy to clipboard operation
ntopng copied to clipboard
verified publisher icon ntop

Notification emails from ntopng not compliant with RFC5321

Open vk5ztv opened this issue 4 months ago • 2 comments

Environment:

  • OS name: Debian
  • OS version: Bookworm (Debian 12)
  • Architecture: Raspberry Pi (Embedded)
  • ntopng version/revision: 6.5.250818

What happened: Sendmail on my local mailserver is complaining that emails from ntop-ng contain bare CR line endings in the message body which violates RFC5321 section 2.3.8:

"2.3.8. Lines

Lines consist of zero or more data characters terminated by the sequence ASCII character "CR" (hex value 0D) followed immediately by ASCII character "LF" (hex value 0A). This termination sequence is denoted as <CRLF> in this document. Conforming implementations MUST NOT recognize or generate any other character or character sequence as a line terminator. Limits MAY be imposed on line lengths by servers (see Section 4).

In addition, the appearance of "bare" "CR" or "LF" characters in text (i.e., either without the other) has a long history of causing problems in mail implementations and applications that use the mail system as a tool. SMTP client implementations MUST NOT transmit these characters except when they are intended as line terminators and then MUST, as indicated above, transmit them only as a <CRLF> sequence."

How did you reproduce it?

Emails were from ntop-ng were failing to be delivered. The sendmail journal entries on the mail server showed message delivery failures/bounces due to bare CR line endings. Adding 'u2,g2' server features to sendmail configures sendmail to replace bare CR with CRLF line endings, but this is a workaround and does not fix the smtp RFC compliance issue with ntop-ng.

Log message from sendmail after adding the u2, g2 parameters:

Aug 18 19:49:02 mail.vk5ztv.ampr.org sm-mta[4497]: 57IAJ1Dk004497: collect: relay=ntop-pi.vk5ztv.ampr.org, from=[email protected], info=Bare carriage return (CR) not allowed, where=body, status=replaced

Debug Information:

Should be enough info above.

vk5ztv avatar Aug 18 '25 10:08 vk5ztv

Hi @vk5ztv the issue should be fixed with the next update (available in a couple of hours), also do you perhaps have some log regarding which alert is not compliant with the rfc? (just to double check)

MatteoBiscosi avatar Nov 19 '25 14:11 MatteoBiscosi

Thanks, Matteo. It was all emails coming from ntop-ng, not just some. I'm only sending emails with severity "Error" or "Emergency", but it didn't seem to matter what the error source was.

vk5ztv avatar Nov 20 '25 02:11 vk5ztv