bugzilla-daemon at bugzilla
Apr 2, 2012, 5:15 AM
Post #1 of 1
(149 views)
Permalink
|
|
[Bug 6783] New: IP address of Squirrelmail user should not be subjected to rules
|
|
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
Bug #: 6783
Summary: IP address of Squirrelmail user should not be
subjected to rules
Product: Spamassassin
Version: 3.3.1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: dev [at] spamassassin
ReportedBy: stephane.chazelas [at] gmail
CC: iain [at] brunny,
Joerg.Dieter.Friedrich [at] uni-konstanz,
nomis80 [at] nomis80
Classification: Unclassified
+++ This bug was initially created as a clone of Bug #3236 +++
NaSMail (a fork of Squirrelmail) logs the IP address of the sender of the
message by adding a
Received header like this:
Received: from 142.169.110.122
(NaSMail authenticated user synapse)
by mail.nomis80.org with HTTP;
Sat, 3 Apr 2004 10:33:43 -0500 (EST)
In that case, this may trigger rules such as RCVD_IN_DYNABLOCK and
RCVD_IN_SORBS:
* 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
* [142.169.110.122 listed in dnsbl.sorbs.net]
* 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
* [142.169.110.122 listed in dnsbl.sorbs.net]
The IP address of the NaSMail user should not be checked against any such
rules. It is easy to discard the Received header as it contains the NaSMail
string.
The workaround is the same as for Bug #3236:
--- a
+++ b
@@ -428,8 +428,9 @@
# bug 3236: ignore Squirrelmail injection steps.
# from 142.169.110.122 (SquirrelMail authenticated user synapse) by
# mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
- if (/ \(SquirrelMail authenticated user /) {
- dbg("received-header: ignored SquirrelMail injection: $_");
+ # SC 2012-04-02, added NaSMail
+ if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
+ dbg("received-header: ignored SquirrelMail/NaSMail injection: $_");
return 0;
}
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
|
