Slavko via Exim-users wrote on 27.05.2023 10:54:
> On 26 May 2023 23:45:22 UTC, Victor Ustugov via Exim-users <exim-users@???> wrote:
>
>> But more than one address in a From header is rare. And if there are
>> several such incorrect addresses in the From header of the attacker's
>> email, then it's good that at least one of them can be extracted using a
>> simple regular expression.
>
> I do not manipulate From: nor any other (address) header in
> that way on incoming mails, neither from the wild nor from users.

Me too.
But this is exactly what the author of the topic needs.

> But I use the ${address:...} expansion to extract the address from
> Sender: and From: headers (forced to one address) on MSA
> to check that users use only allowed addresses, to prevent
> spoofing. I do that test(s) after syntax verifying, but now I
> see that it is not reliable, just because MUA (expected) &
> exim can do it wrong...

I think checking the headers of emails sent by your users could be more
strict, because if ${address:...} returns an empty result then the header is
not RFC compliant.

To my mind, when checking the headers of messages received from outside,
we should get addresses even from an incorrectly composed header. At
least if we need to check these addresses.

The headers of outgoing emails from our users must always be RFC compliant.

> I did expensive testing of those checks, but the case of
> invalid syntax which passes syntax verifying was not
> included...

--
Best wishes Victor Ustugov
mailto:victor@corvax.kiev.ua
public GnuPG/PGP key:
https://victor.corvax.kiev.ua/corvax.asc
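
The split discussed in this message (strict handling of From: on mail submitted by your own users, lenient extraction on mail from outside) is illustrated here in Python. This is an added example, not part of the original message and not Exim's `${address:...}` implementation; the function names, the sample headers and the deliberately narrow address grammar are assumptions.

```python
import re

# Narrow addr-spec: dot-atom local part and a dotted domain. Quoted local
# parts, comments and groups are rejected (an assumption of this example).
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
ADDR_SPEC = rf"{ATEXT}(?:\.{ATEXT})*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
# The whole header must be "addr" or "display name <addr>", nothing left over.
STRICT = re.compile(
    rf'^\s*(?:(?:"[^"\\\r\n]*"|[^<>@,;:"\r\n]*)\s*<({ADDR_SPEC})>|({ADDR_SPEC}))\s*$'
)
# Lenient: pull anything address-shaped out of a possibly malformed header.
LOOSE = re.compile(ADDR_SPEC)


def strict_single_address(header_value):
    """Return the one address, or None unless the header is a single mailbox."""
    m = STRICT.match(header_value)
    if not m:
        return None
    return (m.group(1) or m.group(2)).lower()


def lenient_addresses(header_value):
    """Return every address-like token, for checks on mail from outside."""
    return [a.lower() for a in LOOSE.findall(header_value)]


def submission_from_allowed(header_value, allowed):
    """MSA policy: exactly one parseable From: address, owned by the user."""
    addr = strict_single_address(header_value)
    return addr is not None and addr in allowed


# Constructed sample headers (not taken from the thread).
SAMPLES = [
    "Alice <alice@example.org>",
    "alice@example.org, bob@example.net",
    "Alice <alice@example.org> <bob@example.net>",
]

if __name__ == "__main__":
    allowed = {"alice@example.org"}
    for value in SAMPLES:
        print(repr(value), submission_from_allowed(value, allowed),
              lenient_addresses(value))
```

On submission the malformed and multi-address headers are rejected outright, while the lenient path still yields every address in them for inspection.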