[exim-dev] More on parsing RFC 2822 date fields

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Michael Haardt
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] More on parsing RFC 2822 date fields
Hello,

I tried two applications of the new code.

The first is a new variable $submission_age, which contains the age of
"Resent-Date:" or "Date:", if the first is missing, relative to the
current time. As expected, most mail arrives more or less in time.
Surprisingly, up to now I had no legitimate mail coming from the future,
whereas some spam does. Some spam is up to a few hours or even days old,
but legitimate mail may be just the same, although usually it is not.
Only one spammer had the month wrong. Not allowing mail to come more
than up to 5 minutes from the future, and depending on your users, even
less, may be a good idea. It is not as easy to set a bound for the past.
Perhaps 14 days may be useful to catch bogus host clocks.

The second is an added check in "header_syntax": Do date fields conform
to RFC 2822? Very few spammers get this wrong, one with an empty field,
but Ebay does for notifications of watched auctions, and only for those:
They use the time zone "GMT-0700", not "-0700". Besides, the year only
has two digits, which is allowed, but not nice. The German customer
support promised it would be fixed, but it may take a while. Amazing,
but true: They answered quickly and understood the problem right away.
I am curious when it will be fixed.

Any further ideas what you want to check? It was mentioned that the
age should be absolute, not relative. Tell me which applications you
have in mind for that.

Michael