Re: [Exim] Messages with bad linebreaks

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Adam Moffett
CC: exim-users
Subject: Re: [Exim] Messages with bad linebreaks
On Sat, 5 Oct 2002, Adam Moffett wrote:

> We periodically receive spam messages that seem to contain the entire
> message in their header.


Exactly what do you mean by this? A message's header must conform to the
syntax of RFC 822. Exim will terminate the header and start the body
when it encounters a line that does not mach the header syntax, which is

name: data...

(with possible indented continuations).

> I'm guessing these messages are coming from some poorly written
> spammer software that doesn't put a CRLF between the header and the
> body...or else it's using something other than CRLF at the end of
> each line.


Unless the body looks like header lines, the omission of the blank line
shouldn't matter. Note also that Exim does have a limit on the total
size of the header (though it is quite big - 1Mb by default).

The omission of CRLF altogether could create one enormously long header
line, I suppose. Maybe that's the problem. You could perhaps detect such
a thing using a regular expression like this


[^\r\n]{128,}

which matches at least 128 characters in sequence that are neither CR
nor LF. If applied to $message_header in a filter it might catch what
you want. Just an idea; I haven't tried this.



--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.