Re: [exim] non-address header syntax checking

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Phil Chambers
Fecha:  
A: Michael Fischer v. Mollard
Cc: exim-users, Kjetil Torgrim Homme, Chris Lightfoot
Asunto: Re: [exim] non-address header syntax checking

On Wed, 23 Aug 2006 11:21:12 +0200 "Michael Fischer v. Mollard"
<exim-users@???> wrote:

>
>
> -- On Tuesday, August 22, 2006 17:19:14 +0100 Chris Lightfoot wrote:
>
> > On Tue, Aug 22, 2006 at 05:14:26PM +0100, Phil Chambers wrote:
> >     [...]
> >> However, the messages which are being rejected have non-ASCII in the
> >> header  names (the part before the colon - RFC2822 calls them field
> >> names), which makes  it more problematic. I really would prefer to
> >> reject these messages at the DATA  phase. Any ideas?

> >
> > see <565A0E05A5407BFAB0BC0189@???> from earlier
> > today, which suggests,
> >
> >      # header field name with 8-bit char
> >     deny    message = Your message contains invalid headers
> >             log_message = message header 8-bit
> >             condition = ${if match{$message_headers}{(?im)^[^:
> > ]*[\x80-\xFF]+[^:]*:}{1}{0}}

> >
>
> This has problems with wrapped subject lines - maybe
>
>   condition =     ${if match{$message_headers}{(?m)^[^: 
> \t]+[\x80-\xFF]+[^:]*:}{1}{0}}

>
> would be safer.
>
> Allways be careful with regexps, as they might math more than you expect.
> For the current anoying spam a
>
> condition = ${if
> match{$message_headers}{(?im)^[\x80-\xFF]+Message-ID:}{1}{0}}
>
> is sufficient.
>
> Michael


Thanks very much for the suggestions. I am going with:

  condition   = ${if match{$message_headers} \
                          {\N(?m)^[^:\s]*[\x80-\xFF]+[^:]*:\N} {yes}{no}}


(Note the \N...\N wrapping which is needed and I am allowing for continuation
lines with \s.) I am tempted to try restricting to \x21-\x35,\x37-\x7e which is
what RFC2822 gives as valid for field names.

I am using "warn" at the moment and taking copies. I will run that way for a
while to see if I get false positives. I will also take a look to see if I get
any false positives with 8-bit anywhere in the header.

Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter