I sent the following message to a UK mail manager's list, but received
limited response to the general query. So I submit it to this wider
audience and would gratefully receive any comments you may have.
For years I have used an Exim ACL chunk on my MXs (publically described in
various sources) which refuses email which has 8-bit content in the
message headers. Unfortunately, it was only until very recently I
realised it was never firing, so I fixed it.
## MX: 8-bit headers
## Only spammers put 8-bit junk in "Subject" and "From".
## This check catches a lot of spam originating from Asia, until they
## implement RFC 2047.
deny message = 8-bit characters not allowed in the Subject:\n\
(see RFC 2822, sections 3.6.5, 2.2.1)\n\
REFUSENOTICE
condition = ${if match {$h_subject:} {\N[\x80-\xFF]{3,}\N} {yes}{no}}
deny message = 8-bit characters not allowed in header addresses\n\
(see RFC 2822, sections 3.4, 3.2.4, 3.2.5)\n\
REFUSENOTICE
condition = ${if match {$h_from:} {\N[\x80-\xFF]{3,}\N} {yes}{no}}
Since fixing, there have been a number of queries from correspondents
unable to get their mail through to recipients here; it seems they are
sending messages with 8-bit content in the From: or Subject: fields (often
Russian or Chinese) which is not being encoded 7-bit for transmission as
dictated by RFC 2047.
To this point I have been suggesting that the sending mail clients are not
fit for purpose because they are not properly conforming to the standards,
however today I found that Yahoo's webmail will allow people to enter
8-bit for their name in the "From" address, and will happily include it in
outgoing messages without encoding. I do not know if other webmail
systems are similarly afflicted. A casual glance through today's
rejections suggest (presumably, non-spam) messages coming from Bebo and
EBay also get caught, as are lots of obviously-spam.
Given that I have lived without this rule in place for so long
(unwittingly), I wonder if there is any point keeping it in. So my
question is simply, does anyone else employ a comparable rule?
I don't like permitting behaviour which is contrary to the standards -- I
have a long record of making a firm stand against other RFC violations
despite repeated complaints -- but maybe I'm being a bit too extreme on
this one.
Does anyone know offhand if SpamAssassin scores for 8-bit content of
messages headers?
Yesterday's MX stats for interest:
Connections: total made 591542
Messages accepted for processing 61062
Rejects/content: 8bit characters in Subject: 273
Rejects/content: 8bit characters in From: 31
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK
