On 12 April 2023 19:15:19 UTC, user MRob via Exim-users <exim-users@???> wrote:
>On 2023-04-12 17:42, Slavko via Exim-users wrote:
>> Use raw header for address extracting -- $rh_From: that works
>> for both, quoted and encoded content...
>
>If using rh_From: is there risk to get tricked with header like:
>
>From: "spammer_address@???" <compromised_account@???>

Simply put that line in some file and try it yourself with -bem, e.g.:

exim -bem /file/with/that_header '${address:$rh_From:}'

>${address:} expansion is following RFC 2822... so maybe it's ok and the importance is $h_ should never be used with ${address:} because that address expansion will decode it anyway??

Hard to say, headers can be broken (by mistake or on purpose)
in many ways. One usually does not need to look into From: headers
from foreign sources, but will want e.g. to extract the domain from it
for DKIM (DMARC intended) signature from own messages, thus
ensure valid From: header on MSA with in-depth inspection.

I delegate in-depth message inspection to rspamd, with
some exceptions -- mostly Subject: and attachments (e.g. for
DMARC reports extraction/routing).

>Also question about $h_ decoding, I don't remember if quoting is required if it is encoded like my example. Is the example an invalid header because it needs quoting? Or is the problem that I'm using two unrelated steps for full parsing? ($h_ then ${address:})

The RFC defines when quotes are required, the "@" is one of those
cases, exim properly checks that syntax with the control=verifyXY
ACL (sorry, I forgot the exact name) condition.

AFAIK, the name part is either quoted (for ASCII only) or
encoded (for non-ASCII). But I often see encoded ASCII-only
chars (rspamd detects that), and often in legitimate
messages...

BTW, I am always surprised how problematic non-ASCII
things are. My first bigger computer project was to teach a computer
to print chars nowadays known as Latin2 & Cyrillic (in 1984 :-) ).
Nowadays it is no problem to print/show that, but...

regards
--
Slavko
https://www.slavino.sk/