------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=844
Summary: h_from empty if angle brackets not closed
Product: Exim
Version: 4.69
Platform: Other
OS/Version: Linux
Status: NEW
Severity: security
Priority: critical
Component: ACLs
AssignedTo: nigel@???
ReportedBy: fperillo@???
QAContact: fperillo@???
CC: exim-dev@???
Spammers are sending messages with "From:" or "To:" tags in the body w/o
closing the angle bracket, hence the h_from is apparently not parsed correctly
and the h_from exim variable is not assigned, actually disabling acl written
for the h_from sanitization.
An header excerpt from an "offending" message:
Received: from 95-24-139-215.broadband.corbina.ru ([95.24.139.215])by=20
mail1.camera.it with smtp (Exim 4.68)(envelope-from =
<licjun@???>)id
1Lu2ZW-0006lj-HKfor dummy@???; Wed, 15 Apr 2009 12:42:27 =
+0200
To: <dummy@???
Subject: Ricerchiamo collaboratori in gruppo operante a livello globale.
From: <forged@???
MIME-Version: 1.0
Importance: High
Could also the EOL be used to terminate the variables ?)
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
