[exim] 8-bit header content

Top Page
Delete this message
Reply to this message
Author: Jethro R Binks
Date:  
To: exim-users
Subject: [exim] 8-bit header content
I sent the following message to a UK mail manager's list, but received
limited response to the general query. So I submit it to this wider
audience and would gratefully receive any comments you may have.

For years I have used an Exim ACL chunk on my MXs (publically described in
various sources) which refuses email which has 8-bit content in the
message headers. Unfortunately, it was only until very recently I
realised it was never firing, so I fixed it.

  ## MX: 8-bit headers
  ## Only spammers put 8-bit junk in "Subject" and "From".
  ## This check catches a lot of spam originating from Asia, until they
  ## implement RFC 2047.
  deny   message   = 8-bit characters not allowed in the Subject:\n\
                     (see RFC 2822, sections 3.6.5, 2.2.1)\n\
                     REFUSENOTICE
         condition = ${if match {$h_subject:} {\N[\x80-\xFF]{3,}\N} {yes}{no}}
  deny   message   = 8-bit characters not allowed in header addresses\n\
                     (see RFC 2822, sections 3.4, 3.2.4, 3.2.5)\n\
                     REFUSENOTICE
         condition = ${if match {$h_from:} {\N[\x80-\xFF]{3,}\N} {yes}{no}}


Since fixing, there have been a number of queries from correspondents
unable to get their mail through to recipients here; it seems they are
sending messages with 8-bit content in the From: or Subject: fields (often
Russian or Chinese) which is not being encoded 7-bit for transmission as
dictated by RFC 2047.

To this point I have been suggesting that the sending mail clients are not
fit for purpose because they are not properly conforming to the standards,
however today I found that Yahoo's webmail will allow people to enter
8-bit for their name in the "From" address, and will happily include it in
outgoing messages without encoding. I do not know if other webmail
systems are similarly afflicted. A casual glance through today's
rejections suggest (presumably, non-spam) messages coming from Bebo and
EBay also get caught, as are lots of obviously-spam.

Given that I have lived without this rule in place for so long
(unwittingly), I wonder if there is any point keeping it in. So my
question is simply, does anyone else employ a comparable rule?

I don't like permitting behaviour which is contrary to the standards -- I
have a long record of making a firm stand against other RFC violations
despite repeated complaints -- but maybe I'm being a bit too extreme on
this one.

Does anyone know offhand if SpamAssassin scores for 8-bit content of
messages headers?

Yesterday's MX stats for interest:

  Connections: total made     591542
  Messages accepted for processing      61062
    Rejects/content: 8bit characters in Subject:        273
    Rejects/content: 8bit characters in From:         31


Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK