Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: devel

[Bug 6783] New: IP address of Squirrelmail user should not be subjected to rules

 

 

SpamAssassin devel RSS feed   Index | Next | Previous | View Threaded


bugzilla-daemon at bugzilla

Apr 2, 2012, 5:15 AM

Post #1 of 1 (184 views)
Permalink
[Bug 6783] New: IP address of Squirrelmail user should not be subjected to rules

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783

Bug #: 6783
Summary: IP address of Squirrelmail user should not be
subjected to rules
Product: Spamassassin
Version: 3.3.1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: dev [at] spamassassin
ReportedBy: stephane.chazelas [at] gmail
CC: iain [at] brunny,
Joerg.Dieter.Friedrich [at] uni-konstanz,
nomis80 [at] nomis80
Classification: Unclassified


+++ This bug was initially created as a clone of Bug #3236 +++

NaSMail (a fork of Squirrelmail) logs the IP address of the sender of the
message by adding a
Received header like this:

Received: from 142.169.110.122
(NaSMail authenticated user synapse)
by mail.nomis80.org with HTTP;
Sat, 3 Apr 2004 10:33:43 -0500 (EST)

In that case, this may trigger rules such as RCVD_IN_DYNABLOCK and
RCVD_IN_SORBS:

* 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
* [142.169.110.122 listed in dnsbl.sorbs.net]
* 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
* [142.169.110.122 listed in dnsbl.sorbs.net]

The IP address of the NaSMail user should not be checked against any such
rules. It is easy to discard the Received header as it contains the NaSMail
string.

The workaround is the same as for Bug #3236:

--- a
+++ b
@@ -428,8 +428,9 @@
# bug 3236: ignore Squirrelmail injection steps.
# from 142.169.110.122 (SquirrelMail authenticated user synapse) by
# mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
- if (/ \(SquirrelMail authenticated user /) {
- dbg("received-header: ignored SquirrelMail injection: $_");
+ # SC 2012-04-02, added NaSMail
+ if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
+ dbg("received-header: ignored SquirrelMail/NaSMail injection: $_");
return 0;
}

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

SpamAssassin devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.