Hi there,
Since a few weeks, I receive some warnings which look like this :
Message 1GJpyf-0002qL-4W has been frozen (delivery error message).
The sender is <>.
The following address(es) have yet to be delivered:
%mailboxforspam%@%domain%.com <%user%@???>: LMTP error after
end of data: 554 5.6.0 Message contains invalid header
Do I have to use your system to filter 8-bits headers ?
Isn't it a little bit too strict ? (I mean, have you ever had false
positives with that rule)
I did not change anything in Exim's configuration. Does anybody has an
idea why I suddenly get such messages ?
Many thanks.
Cheers
Phil Chambers a écrit :
> On Wed, 23 Aug 2006 11:21:12 +0200 "Michael Fischer v. Mollard"
> <exim-users@???> wrote:
>>
>>-- On Tuesday, August 22, 2006 17:19:14 +0100 Chris Lightfoot wrote:
>>
>>
>>>On Tue, Aug 22, 2006 at 05:14:26PM +0100, Phil Chambers wrote:
>>> [...]
>>>
>>>>However, the messages which are being rejected have non-ASCII in the
>>>>header names (the part before the colon - RFC2822 calls them field
>>>>names), which makes it more problematic. I really would prefer to
>>>>reject these messages at the DATA phase. Any ideas?
>>>
>>>see <565A0E05A5407BFAB0BC0189@???> from earlier
>>>today, which suggests,
>>>
>>> # header field name with 8-bit char
>>> deny message = Your message contains invalid headers
>>> log_message = message header 8-bit
>>> condition = ${if match{$message_headers}{(?im)^[^:
>>>]*[\x80-\xFF]+[^:]*:}{1}{0}}
>>>
>>
>>This has problems with wrapped subject lines - maybe
>>
>> condition = ${if match{$message_headers}{(?m)^[^:
>>\t]+[\x80-\xFF]+[^:]*:}{1}{0}}
>>
>>would be safer.
>>
>>Allways be careful with regexps, as they might math more than you
expect.
>>For the current anoying spam a
>>
>> condition = ${if
>>match{$message_headers}{(?im)^[\x80-\xFF]+Message-ID:}{1}{0}}
>>
>>is sufficient.
>>
>>Michael
>
>
> Thanks very much for the suggestions. I am going with:
>
> condition = ${if match{$message_headers} \
> {\N(?m)^[^:\s]*[\x80-\xFF]+[^:]*:\N} {yes}{no}}
>
> (Note the \N...\N wrapping which is needed and I am allowing for
continuation
> lines with \s.) I am tempted to try restricting to
\x21-\x35,\x37-\x7e which is
> what RFC2822 gives as valid for field names.
>
> I am using "warn" at the moment and taking copies. I will run that
way for a
> while to see if I get false positives. I will also take a look to see
if I get
> any false positives with 8-bit anywhere in the header.
>
> Phil.
> ---------------------------------------
> Phil Chambers (postmaster@???)
> University of Exeter
>
>
--
Philippe Vialle
www.mezimail.com / independant computer technician
Paris