smtpd.py should not decode utf-8

[lpolzer]

BPO	19662
Nosy	@warsaw, @vstinner, @bitdancer, @soltysh, @zvyn
Files	smtpd_charset_latin1.diff: Make smtpd.py use latin1 instead of utf-8 as default decoding. python3.3-lib-smtpd-patch.diff: move utf-8 decode to the end of line rcv process switch_while_decode1.patch: Patch to switch between utf8 and binary decode with decode_data variable switch_while_decode2.patch: Switch between utf8 and binary decode based on decode_data var issue19662_v1.patch: decode_data extension for smptd (patch v1) issue19662_v2.patch: decode_data extension for smptd (patch v2) issue19662_v3.patch: decode_data extension for smptd (patch v3)

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2014-06-11.15:25:23.243>
created_at = <Date 2013-11-20.10:51:43.730>
labels = ['type-feature', 'library', 'expert-email']
title = 'smtpd.py should not decode utf-8'
updated_at = <Date 2015-05-19.11:19:16.216>
user = 'https://bugs.python.org/lpolzer'

bugs.python.org fields:

activity = <Date 2015-05-19.11:19:16.216>
actor = 'r.david.murray'
assignee = 'none'
closed = True
closed_date = <Date 2014-06-11.15:25:23.243>
closer = 'r.david.murray'
components = ['Library (Lib)', 'email']
creation = <Date 2013-11-20.10:51:43.730>
creator = 'lpolzer'
dependencies = []
files = ['32719', '32861', '34700', '34704', '35390', '35404', '35409']
hgrepos = []
issue_num = 19662
keywords = ['patch']
message_count = 29.0
messages = ['203467', '203473', '203477', '203488', '203496', '203497', '204527', '204540', '210431', '210433', '213897', '214010', '215375', '216843', '217135', '218888', '218899', '218900', '219308', '219353', '219363', '219382', '220278', '220279', '220284', '243348', '243564', '243579', '243580']
nosy_count = 13.0
nosy_names = ['barry', 'richard', 'vstinner', 'Arfrever', 'r.david.murray', 'jesstess', 'python-dev', 'maciej.szulik', 'lpolzer', 'Illirgway', 'Duke.Dougal', 'zvyn', 'sreepriya']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue19662'
versions = ['Python 3.5']

[lpolzer]

http://hg.python.org/cpython/file/3.3/Lib/smtpd.py#l289

as of now decodes incoming bytes as UTF-8.

An SMTP server must not attempt to interpret characters beyond ASCII, however. Originally mail servers were not 8-bit clean, meaning they would only guarantee the lower 7 bits of each octet to be preserved.
However even then they were not expected to choke on any input because of attempts to decode it into a specific extended charset. Whenever a mail server does not need to interpret data (like base64-encoded auth information) it is simply left alone and passed through.

I am not aware of the reasons that caused the current state, but to correct this behavior and make it possible to support the 8BITMIME feature I suggest decoding received bytes as latin1, leaving it to the user to reinterpret it as UTF-8 or whatever charset they need. Any other simple extended encoding could be used for this, but latin1 is the default in asynchat.

The documentation should also mention charset handling. I'll be happy to submit a patch for both code and docs.

[lpolzer]

Patch attached. This also adds some more charset clarification to the docs and corrects a minor spelling issue.

It is also conceivable that we add a charset attribute to the class. This should have the safe default of latin1, and some notes in the docs that setting this to utf-8 (and probably other utf-* encodings) is not really standards-compliant.

[bitdancer]

This bug was apparently introduced as part of the work from bpo-4184 in python 3.2. My guess, looking at the code, is that the module simply didn't work before that patch, since it would have been attempting to join binary data using a string join (''.join(...)). Richard says in the issue that he wrote tests, so he probably figured out it wasn't working and "fixed" it. It looks like there was no final review of his patch (at least not via the tracker...the patch uploaded to the tracker did not include the decode). Not that a final review would necessarily have caught the bug...

The problem here is backward compatibility.

In terms of the API, it really ought to be producing binary data, and not decoding at all. But, at the time he wrote the patch the email package couldn't handle binary data (Richard's patch landed in July 2010, binary support in the email package landed in October), so presumably nobody was thinking about binary emails.

I'm really not sure what to do here, I'll have to give it some thought.

[lpolzer]

Since this is my first contribution I'm not entirely sure about the fine details of backwards compatibility in Python, so please forgive me if I'm totally missing the mark here.

There are facilities in smtpd's parent class asynchat that perform the necessary conversions automatically if the user sets an encoding, so smtpd should be adjusted to rely on that and thus give the user the opportunity to choose for themselves.

Then it boils down to breaking backwards compatibility by setting a default encoding, which could be none as you suggest or latin1 as I suggest; either will probably be painful for current users.

My take here is that whoever is using this code for their SMTP server and hasn't given the encoding issues any thought will need to take a look at their code in that respect anyway, so IMHO a break with compatibility might be a bit painful but necessary.

If you agree then I will gladly rework the patch to have smtpd work with an underlying byte stream by default, rejecting anything non-ASCII where necessary.

Later patches could bring 8BITMIME support to smtpd, with charset conversion as specified by the MIME metadata.

[bitdancer]

I think the only backward compatible solution is to add a switch of *some* sort (exact API TBD), whose default is to continue to decode using utf-8, and document it as wrong.

Conversion of an email to unicode should be handled by the email package, not by smtpd, which is why I say smtpd should be emitting binary.

As I say, I need to find time to look at the current API in more detail before I'll be comfortable discussing the new API. I've put it on my list, but likely I won't get to it until the weekend.

[bitdancer]

Oh, and to clarify: the backward compatibility is that if code works with X.Y.Z, it should work with X.Y.Z+1. So even though correctly handling binary mail would indeed require someone to reexamine their code, if things happen to be working OK for them (eg: their program only needs to handle utf-8 email), we don't want to break their working program.

[Illirgway]

Here is another patch for fixing this issue:

Illirgway/cpython@12d7c59

Sorry for my bad english

[bitdancer]

As I said, the decoding needs to be controlled by a switch (presumably a keyword argument to SMTPServer) that defaults to the present (incorrect) behavior.

[DukeDougal]

Is there a workaround for this as I'd like to just be receiving binary data from SMTPD. I'm new to this system - is this scheduled for fixing in Python 3.4?

[bitdancer]

Unfortunately I did not get to this before the 3.4 beta release, so no, it won't be fixed in 3.4.

You can work around it by overriding collect_incoming_data in your subclass and doing data.decode('ascii', 'surrogateescape') instead of str(data, 'utf-8'), and then doing mydata.encode('ascii', 'surrogateescape') at the point where you want to turn the data back into binary.

[sreepriya]

Hi David,

I would like to work on this bug. Can you give some more insights about the main issue? As far as I understood, the smtp server is now decoding the incoming bytes as UTF-8. Why do you say that it is not the right way? Can you give some idea about the right convention? Also, you mention about a solution with a switch statement having default case as utf8. What are the other cases? And you also mention that smtpd should be emitting binary and unicode should be handled by the email package.
But is it possible to make that change now as other functions depending on this might be affected?

[bitdancer]

I propose that we add a new keyword argument to SMTP's __init__, 'decode_data'. This would be set to True by default, and would preserve the current behavior of passing utf-8 decoded data to process_message.

Setting it to True would mean that process_message would get passed binary (undecoded) data.

In 3.5 we add this keyword, but we immediately deprecate 'decode_data=True'. In 3.6 we change the default to decode_data=False, and we deprecate the decode_data keyword. Then in 3.7 we drop the decode_data keyword.

Now, as for implementation: what 'push' currently does (encode to ascii) is just fine for now. What we need to change is collect_incoming_data (where the decode happens) and found_terminator (where the data is passed to other parts of the class or its subclasses).

When decode_data is False, collect_incoming_data should not decode. received_lines should be binary. Then, in found_terminator the else branch of the if can pass the binary received_lines into process_message (care will be needed to use the correct data types for the various operations). In the first branch of the if, though, when decode_data is False the data will now need to be decoded (still, I think, using utf-8) so that text can still be used to manipulate this part of the API, since unlike the message data it *is* conceptually text, just encoded as ASCII. (I suggest still decoding using utf-8 rather than ASCII because this will be useful when we implement RFC6531.) This will provide for the smallest number of needed changes to subclasses when converting to decode_data=False mode.