[exim] Re: Completely remove any name in From: header for in…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MSlavko at <-
MIan Z via Exim-users at ->
Delete this message
Reply to this message
Author: Victor Ustugov
Date:  
To: Slavko via Exim-users
Subject: [exim] Re: Completely remove any name in From: header for inbound email?
Slavko via Exim-users wrote on 27.05.2023 02:19:
> Dňa 26. mája 2023 22:04:42 UTC používateľ Victor Ustugov via Exim-users <exim-users@???> napísal:
>
>> Or was your question about MTA features for your personal use only?
>
> No, that was rhetorical questions ;-)
>
>> It would be nice if everyone used your MUA or my MUA. But that doesn't
>> happen in real life. I would consider the worst case scenarios as well.
>
> The MUAs are not as important, as they are as people -- can
> do strange things ;-)

Agree.

> More important is, that this header passes the header_syntax
> and header_sender verify, thus one can expect that all exim's
> expansions can do its job with it and will provide reliable output.
> But as you clearly show, that it is not case of ${address:...}.

Yes, in this case ${addresses:...} is a better variant than ${address:...}

> As From: header can contain multiple addresses (by definition),
> it can be more appropriate to use ${addresses:...} and it works,
> as Jeremy shown. But in this case it contains only one address
> string (while not RFC compliant).

If all adresses are valid, than ${addresses:...} will return them all.
It remains only to replace the list separator before adding a new
heading from.
But if one the addresses is like `postmaster@???
<charles@???>`, it will be skipped.

But more than one address in a From header is rare. And if there are
several such incorrect addresses in the From header of the attacker's
email, then it's good that at least one of them can be extracted using a
simple regular expression.

> In any case, the exim's behavior is inconsisten, if it is
> considered as broken it have to be broken in all cases
> not only in some. Any devs opinion/decision?


--
Best wishes Victor Ustugov
mailto:victor@corvax.kiev.ua
public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Re: Completely remove any name in From: header for inbound email?[exim] Re: Show regex capture group in logs?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)