Mailing List Archive: SpamAssassin: devel

[Bug 6549] Squirrelmail headers should be parsed

Index | Next | Previous | View Threaded

bugzilla-daemon at bugzilla

Apr 2, 2012, 4:23 PM

Post #1 of 2 (159 views)
Permalink

[Bug 6549] Squirrelmail headers should be parsed

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6549

--- Comment #7 from Kevin A. McGrail <kmcgrail [at] pccc> 2012-04-02 23:23:41 UTC ---
(In reply to comment #6)
> (In reply to comment #5)
> > My only hesitation with that code is the /(${IP_ADDRESS}).{10,80}/ part,
> > where ".{10,80}" could conceivably continue the IP given the lack of a
> > delimiter. The IP_ADDRESS constant ends with (?![a-f0-9:]) but lacks a
> > IPv4-ish equivalent, thus allowing mathces like "1.2.3.4.example.com" or even
> > "1.2.3.4.5"
> >
> > This regex is the only one that contains an ambiguous ending to an IP matcher,
> > at least that I could find with /IP_ADDRESS\}?\)?[\[.]/
> >
> >
> > This really should be a change to IP_ADDRESS itself, but for consistency, I'd
> > like to change the regex here to include a space after ${IP_ADDRESS}
>
> Sounds good to me. The test cases should show if that works and perhaps add an
> extra test that is bogus.

Following up on this, is this the change you are asking for?

Index: lib/Mail/SpamAssassin/Message/Metadata/Received.pm
===================================================================
--- lib/Mail/SpamAssassin/Message/Metadata/Received.pm (revision 1308610)
+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm (working copy)
@@ -449,7 +449,7 @@
# Expanded to NaSMail Bug 6783
if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
#REVERTING bug 3236 and implementing re: bug 6549
- if (/(${IP_ADDRESS}).{10,80}by (\S+) with HTTP/) {
+ if (/(${IP_ADDRESS}) .{10,80}by (\S+) with HTTP/) {
$ip = $1; $by = $2; goto enough;
}
}

If so, that change causes this failure which frankly baffles me a bit but
appears to have to do with a reverse lookup. Any thoughts?

# Failed test 65 in t/rcvd_parser.t at line 497 fail #63
not ok 65
expected: [ ip=143.166.226.16 rdns= helo= by=www.penguintowne.org ident=
envfrom= id= auth=Sendmail msa=0 ]
got : [ ip=143.166.226.16 rdns= helo=ausisaps301-dmz.aus.amer.dell.com
by=www.penguintowne.org ident= envfrom= id= auth=Sendmail msa=0 ]
hdr sample: -------------------------------------------------------------------
from ausisaps301-dmz.aus.amer.dell.com ([143.166.226.16]) (SquirrelMail
authenticated user hoolis); by www.penguintowne.org with HTTP; Mon, 22 Mar 2004
12:54:13 -0600 (CST)
------------------------------------------------------------------------------

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Apr 6, 2012, 8:08 AM

Post #2 of 2 (125 views)
Permalink

[Bug 6549] Squirrelmail headers should be parsed [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6549

--- Comment #8 from Adam Katz <antispam [at] khopis> 2012-04-06 15:08:56 UTC ---
(In reply to comment #7)
> Following up on this, is this the change you are asking for?
>
> Index: lib/Mail/SpamAssassin/Message/Metadata/Received.pm
> ===================================================================
> --- lib/Mail/SpamAssassin/Message/Metadata/Received.pm (revision 1308610)
> +++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm (working copy)
> @@ -449,7 +449,7 @@
> # Expanded to NaSMail Bug 6783
> if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
> #REVERTING bug 3236 and implementing re: bug 6549
> - if (/(${IP_ADDRESS}).{10,80}by (\S+) with HTTP/) {
> + if (/(${IP_ADDRESS}) .{10,80}by (\S+) with HTTP/) {
> $ip = $1; $by = $2; goto enough;
> }
> }

Not quite; you didn't allow for brackets or parens. How about this:

- if (/(${IP_ADDRESS}).{10,80}by (\S+) with HTTP/) {
+ if (/(${IP_ADDRESS})\b(?![.-]).{10,80}by (\S+) with HTTP/) {

That should prevent 1.2.3.4.example.com and 1.2.3.4-dyn.example.com but still
allow [1.2.3.4] and (1.2.3.4) (No other nonword characters are legal in
domains or IPv4.)

> If so, that change causes this failure which frankly baffles me a bit but
> appears to have to do with a reverse lookup. Any thoughts?
>
> # Failed test 65 in t/rcvd_parser.t at line 497 fail #63
> not ok 65
> expected: [. ip=143.166.226.16 rdns= helo= by=www.penguintowne.org ident=
> envfrom= id= auth=Sendmail msa=0 ]
> got : [. ip=143.166.226.16 rdns= helo=ausisaps301-dmz.aus.amer.dell.com
> by=www.penguintowne.org ident= envfrom= id= auth=Sendmail msa=0 ]
> hdr sample: -------------------------------------------------------------------
> from ausisaps301-dmz.aus.amer.dell.com ([143.166.226.16]) (SquirrelMail
> authenticated user hoolis); by www.penguintowne.org with HTTP; Mon, 22 Mar
> 2004 12:54:13 -0600 (CST)
> ------------------------------------------------------------------------------

Presumably, it got parsed by another portion of the code; your edit requires a
space after the IP but that sample has a square bracket.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads