Malformed login packet

Fabian Flückiger f.flueckiger at computech-rz.ch
Tue Oct 13 13:08:57 UTC 2020


Hi all,


I am using NGINX as a mailproxy and recently discovered, that wireshark detects IMAP-LOGIN messages sent by nginx as "Malformed".

The message contains: Line: 3 LOGIN {18}\r\n (HEX: 0000   33 20 4c 4f 47 49 4e 20 7b 31 38 7d 0d 0a)


Some imap servers react to this with "BAD UNKNOWN Command" and close the connection.


Here the full communication between nginx and backend:

3 LOGIN {18}

+ go ahead

<redacted user> {9}

+ go ahead

<redacted pass>

3 OK LOGIN completed

4 CAPABILITY


BAD UNKNOWN Command


any ideas?

best regards

Fabian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20201013/ba19e635/attachment.htm>


More information about the nginx mailing list