Re: [exim] non-address header syntax checking

Top Page
Delete this message
Reply to this message
Author: Philippe
Date:  
To: Phil Chambers
CC: exim-users, Chris Lightfoot, Michael Fischer v. Mollard, Kjetil Torgrim Homme
Subject: Re: [exim] non-address header syntax checking
Hi there,

Since a few weeks, I receive some warnings which look like this :

Message 1GJpyf-0002qL-4W has been frozen (delivery error message).
The sender is <>.
The following address(es) have yet to be delivered:
%mailboxforspam%@%domain%.com <%user%@???>: LMTP error after
end of data: 554 5.6.0 Message contains invalid header

Do I have to use your system to filter 8-bits headers ?
Isn't it a little bit too strict ? (I mean, have you ever had false
positives with that rule)

I did not change anything in Exim's configuration. Does anybody has an
idea why I suddenly get such messages ?

Many thanks.

Cheers

Phil Chambers a écrit :
> On Wed, 23 Aug 2006 11:21:12 +0200 "Michael Fischer v. Mollard"
> <exim-users@???> wrote:
>>
>>-- On Tuesday, August 22, 2006 17:19:14 +0100 Chris Lightfoot wrote:
>>
>>
 >>>On Tue, Aug 22, 2006 at 05:14:26PM +0100, Phil Chambers wrote:
 >>>    [...]

>>>
>>>>However, the messages which are being rejected have non-ASCII in the
>>>>header names (the part before the colon - RFC2822 calls them field
>>>>names), which makes it more problematic. I really would prefer to
>>>>reject these messages at the DATA phase. Any ideas?
>>>
>>>see <565A0E05A5407BFAB0BC0189@???> from earlier
>>>today, which suggests,
>>>
 >>>     # header field name with 8-bit char
 >>>    deny    message = Your message contains invalid headers
 >>>            log_message = message header 8-bit
 >>>            condition = ${if match{$message_headers}{(?im)^[^:
 >>>]*[\x80-\xFF]+[^:]*:}{1}{0}}

>>>
>>
>>This has problems with wrapped subject lines - maybe
>>
 >>  condition =     ${if match{$message_headers}{(?m)^[^:
 >>\t]+[\x80-\xFF]+[^:]*:}{1}{0}}

>>
>>would be safer.
>>
>>Allways be careful with regexps, as they might math more than you

expect.
>>For the current anoying spam a
>>
>> condition = ${if
>>match{$message_headers}{(?im)^[\x80-\xFF]+Message-ID:}{1}{0}}
>>
>>is sufficient.
>>
>>Michael
>
>
> Thanks very much for the suggestions. I am going with:
>
 >   condition   = ${if match{$message_headers} \
 >                           {\N(?m)^[^:\s]*[\x80-\xFF]+[^:]*:\N} {yes}{no}}

>
> (Note the \N...\N wrapping which is needed and I am allowing for

continuation
> lines with \s.) I am tempted to try restricting to

\x21-\x35,\x37-\x7e which is
> what RFC2822 gives as valid for field names.
>
> I am using "warn" at the moment and taking copies. I will run that

way for a
> while to see if I get false positives. I will also take a look to see

if I get
> any false positives with 8-bit anywhere in the header.
>
> Phil.
> ---------------------------------------
> Phil Chambers (postmaster@???)
> University of Exeter
>
>


--
Philippe Vialle
www.mezimail.com / independant computer technician
Paris