fperillo at totalfax
Apr 21, 2009, 9:15 AM
Post #1 of 1
(805 views)
Permalink
|
|
[Bug 844] New: h_from empty if angle brackets not closed
|
|
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=844
Summary: h_from empty if angle brackets not closed
Product: Exim
Version: 4.69
Platform: Other
OS/Version: Linux
Status: NEW
Severity: security
Priority: critical
Component: ACLs
AssignedTo: nigel [at] exim
ReportedBy: fperillo [at] totalfax
QAContact: fperillo [at] totalfax
CC: exim-dev [at] exim
Spammers are sending messages with "From:" or "To:" tags in the body w/o
closing the angle bracket, hence the h_from is apparently not parsed correctly
and the h_from exim variable is not assigned, actually disabling acl written
for the h_from sanitization.
An header excerpt from an "offending" message:
Received: from 95-24-139-215.broadband.corbina.ru ([95.24.139.215])by=20
mail1.camera.it with smtp (Exim 4.68)(envelope-from =
<licjun [at] amcc>)id
1Lu2ZW-0006lj-HKfor dummy [at] gmail; Wed, 15 Apr 2009 12:42:27 =
+0200
To: <dummy [at] gmail
Subject: Ricerchiamo collaboratori in gruppo operante a livello globale.
From: <forged [at] sender
MIME-Version: 1.0
Importance: High
Could also the EOL be used to terminate the variables ?)
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
|
