Re: [exim] Emails starting with a byte order mark (BOM)

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Michael Fischer v. Mollard
Date:  
À: Wolfgang Breyha, exim-users
CC: Jan Ingvoldstad
Sujet: Re: [exim] Emails starting with a byte order mark (BOM)


-- Am 02/26/14 14:02:08 +0100 schrieb Wolfgang Breyha:

> Jan Ingvoldstad wrote, on 26/02/14 13:45:
>> Perhaps it would be relevant to check for other byte order marks as well:
>>
>> http://en.wikipedia.org/wiki/Byte_order_mark#Representations_of_byte_ord
>> er_marks_by_encoding
>
> I crosschecked with my cyrus logs ("invalid header characters") meanwhile
> and blocking only the UTF8 BOM seems to catch them all upfront. It looks
> like a broken script spamming from several hacked webhosts.
>
> currently I use
>   # check for UTF-8 BOM (coming from SPAM)
>   warn    condition   = ${if
> match{$message_headers_raw}{\N\xEF\xBB\xBF\N}}           control     =
> freeze/no_tell
>           log_message = BOM detected
> to get some more samples.

>
> Will change that to
>   deny    condition   = ${if
> match{$message_headers_raw}{\N\xEF\xBB\xBF\N}}           message     =
> Headers contain illegal BOM
>           log_message = BOM detected
> later.


Hi,

that's a good idea. Thanks a lot.

But nevertheless it might be a good idea to block 8 bit characters in
header names via an ACL test as even RFC 6532 does not allow that.

Michael