On Wed, 23 Aug 2006 11:21:12 +0200 "Michael Fischer v. Mollard"
<exim-users@???> wrote:
>
>
> -- On Tuesday, August 22, 2006 17:19:14 +0100 Chris Lightfoot wrote:
>
> > On Tue, Aug 22, 2006 at 05:14:26PM +0100, Phil Chambers wrote:
> > [...]
> >> However, the messages which are being rejected have non-ASCII in the
> >> header names (the part before the colon - RFC2822 calls them field
> >> names), which makes it more problematic. I really would prefer to
> >> reject these messages at the DATA phase. Any ideas?
> >
> > see <565A0E05A5407BFAB0BC0189@???> from earlier
> > today, which suggests,
> >
> > # header field name with 8-bit char
> > deny message = Your message contains invalid headers
> > log_message = message header 8-bit
> > condition = ${if match{$message_headers}{(?im)^[^:
> > ]*[\x80-\xFF]+[^:]*:}{1}{0}}
> >
>
> This has problems with wrapped subject lines - maybe
>
> condition = ${if match{$message_headers}{(?m)^[^:
> \t]+[\x80-\xFF]+[^:]*:}{1}{0}}
>
> would be safer.
>
> Allways be careful with regexps, as they might math more than you expect.
> For the current anoying spam a
>
> condition = ${if
> match{$message_headers}{(?im)^[\x80-\xFF]+Message-ID:}{1}{0}}
>
> is sufficient.
>
> Michael
Thanks very much for the suggestions. I am going with:
condition = ${if match{$message_headers} \
{\N(?m)^[^:\s]*[\x80-\xFF]+[^:]*:\N} {yes}{no}}
(Note the \N...\N wrapping which is needed and I am allowing for continuation
lines with \s.) I am tempted to try restricting to \x21-\x35,\x37-\x7e which is
what RFC2822 gives as valid for field names.
I am using "warn" at the moment and taking copies. I will run that way for a
while to see if I get false positives. I will also take a look to see if I get
any false positives with 8-bit anywhere in the header.
Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter
