Re: [exim] Emails starting with a byte order mark (BOM)

Author: Wolfgang Breyha
Date:  
To: Jan Ingvoldstad
CC: exim-users@exim.org
Subject: Re: [exim] Emails starting with a byte order mark (BOM)
Jan Ingvoldstad wrote, on 26/02/14 13:45:
> Perhaps it would be relevant to check for other byte order marks as well:
>
> http://en.wikipedia.org/wiki/Byte_order_mark#Representations_of_byte_order_marks_by_encoding


I cross-checked with my Cyrus logs ("invalid header characters") meanwhile and
blocking only the UTF-8 BOM seems to catch them all upfront. It looks like a
broken script spamming from several hacked webhosts.

Currently I use
  # check for UTF-8 BOM (coming from SPAM)
  warn    condition   = ${if match{$message_headers_raw}{\N\xEF\xBB\xBF\N}}
          control     = freeze/no_tell
          log_message = BOM detected
to get some more samples.


Will change that to
  deny    condition   = ${if match{$message_headers_raw}{\N\xEF\xBB\xBF\N}}
          message     = Headers contain illegal BOM
          log_message = BOM detected
later.


Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria
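
Added example, not part of the message above or of Exim: a Python triage helper for frozen samples that reports which BOM appears in a message's header block and where. The regex in the ACL above is unanchored, so it matches a BOM anywhere in the headers; this script separates a BOM at the very start of the message from one inside a header line, and covers the other encodings from the linked table. The names `BOMS` and `find_boms` and the sample messages are constructed for illustration.

```python
"""Locate Unicode byte order marks (BOMs) in the header block of a raw email."""

# Signatures from the Unicode BOM table; 4-byte forms first so that
# UTF-32 LE (FF FE 00 00) is not misreported as UTF-16 LE (FF FE).
BOMS = [
    ("UTF-32 BE", b"\x00\x00\xfe\xff"),
    ("UTF-32 LE", b"\xff\xfe\x00\x00"),
    ("UTF-8", b"\xef\xbb\xbf"),
    ("UTF-16 BE", b"\xfe\xff"),
    ("UTF-16 LE", b"\xff\xfe"),
]

def find_boms(raw_message: bytes):
    """Return (encoding, header_line_number, position) for each BOM in the headers."""
    # Headers end at the first empty line; the body is deliberately ignored.
    headers = raw_message.replace(b"\r\n", b"\n").partition(b"\n\n")[0]
    hits = []
    for line_no, line in enumerate(headers.split(b"\n"), start=1):
        i = 0
        while i < len(line):
            for name, sig in BOMS:
                if line.startswith(sig, i):
                    if i > 0:
                        where = "inside line"
                    elif line_no == 1:
                        where = "start of message"
                    else:
                        where = "start of line"
                    hits.append((name, line_no, where))
                    i += len(sig)
                    break
            else:
                i += 1  # no signature at this offset
    return hits

# Constructed sample messages (not taken from the thread).
SAMPLE_LEADING = b"\xef\xbb\xbfFrom: a@example.org\r\nSubject: hi\r\n\r\nbody\r\n"
SAMPLE_INLINE = b"From: a@example.org\r\nSubject: \xef\xbb\xbfhi\r\n\r\nbody\r\n"
SAMPLE_BODY_ONLY = b"From: a@example.org\r\nSubject: hi\r\n\r\n\xef\xbb\xbfbody\r\n"

if __name__ == "__main__":
    for label, msg in [("leading", SAMPLE_LEADING), ("inline", SAMPLE_INLINE),
                       ("body only", SAMPLE_BODY_ONLY)]:
        print(label, find_boms(msg))
```

The two-byte UTF-16 signatures can also occur in unencoded 8-bit header text, so treat those hits as weaker evidence than a UTF-8 BOM at the start of the message.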