[Assp-test] Antwort: Re: Incorrect addresses added to whitelist via the email interface

[Thomas Eckardt]

> Am I incorrect that there are one or more bugs here?

No - may be yes ?

>In the example below, I would expect only 
em...@communications.trustwave.com<
mailto:em...@communications.trustwave.com> to be added to the whitelist

I would expect  'em...@communications.trustwave.com'

IMHO is this not a correct MIME message:

> From: Trustwave <em...@communications.trustwave.com<
mailto:em...@communications.trustwave.com>>
> To: IT_AV <it...@thecjm.org<mailto:it...@thecjm.org>>

both lines are not correct

> Message-ID: <380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local<
mailto:380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local>>

and this also

I would block this mail because of this.

I'll have a look at the regex for the email address - how ever, it is a 
small but major part of the code - a wrong change could lead in to big 
problems.

Thomas 




Von:    Mark Edwards <medwa...@thecjm.org>
An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum:  01.10.2010 22:08
Betreff:        Re: [Assp-test] Incorrect addresses added to whitelist via 
the email       interface




It seems as if this issue is not being recognized.  Am I incorrect that 
there are one or more bugs here?

On Sep 27, 2010, at 11:48 AM, Mark Edwards wrote:

> I see what I think are problems with the way whitelisting occurs when 
using the asspnotspam function of the email interface.  This is on 
2.0.1(1.1.28).
> 
> In the example below, I would expect only 
em...@communications.trustwave.com<
mailto:em...@communications.trustwave.com> to be added to the whitelist, 
and perhaps 
bounce-879590_html-862063647-14143185-7507...@bounce.communications.trustwave.com.
 
 However, I definitely do not want addresses from my domain (thecjm.org) 
added to the whitelist, nor do I want .local addresses coming from 
Message-ID headers added.  Some addresses appear to be truncated as well.
> 
> My concern here is having irrelevant addresses cluttering the whitelist.
> 
> 
> Response from asspnotspam:
> 
> 380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local<
mailto:380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local>: added to 
whitelist
> 380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local<
mailto:380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local
>,medwa...@thecjm.org<mailto:medwa...@thecjm.org>: added to whitelist
> em...@communications.trustwave.com<
mailto:em...@communications.trustwave.com>: added to whitelist
> em...@communications.trustwave.com<
mailto:em...@communications.trustwave.com>,medwa...@thecjm.org<
mailto:medwa...@thecjm.org>: added to whitelist
> -...@communications.trustwave.com<mailto:-...@communications.trustwave.com>: 
added to whitelist
> -...@communications.trustwave.com<mailto:-...@communications.trustwave.com
>,medwa...@thecjm.org<mailto:medwa...@thecjm.org>: added to whitelist
> 
47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com<
mailto:47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com
>: added to whitelist
> 
47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com<
mailto:47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com
>,medwa...@thecjm.org<mailto:medwa...@thecjm.org>: added to whitelist
> 
> 
> 
> Headers of email:
> 
> Received: from mta.communications.trustwave.com<
http://mta.communications.trustwave.com/> (10.10.16.12) by
> mail.thecjm.org<http://mail.thecjm.org/> (10.10.11.5) with Microsoft 
SMTP Server id 8.2.176.0; Tue, 31
> Aug 2010 17:47:56 -0700
> Received: from mta.communications.trustwave.com<
http://mta.communications.trustwave.com/> ([66.231.89.232]
> helo=mta.communications.trustwave.com) by cjm-assp2.thecjm.lan with 
ESMTP
> (2.0.1); 31 Aug 2010 17:52:31 -0700
> Received: by mta.communications.trustwave.com<
http://mta.communications.trustwave.com/> (PowerMTA(TM) v3.5r15) id
> hfm7340ie1s9 for <it...@thecjm.org<mailto:it...@thecjm.org>>; Tue, 31 
Aug 2010 17:20:09 -0600
> (envelope-from
> 
<bounce-879590_html-862063647-14143185-7507...@bounce.communications.trustwave.com>)
> From: Trustwave <em...@communications.trustwave.com<
mailto:em...@communications.trustwave.com>>
> To: IT_AV <it...@thecjm.org<mailto:it...@thecjm.org>>
> Content-Class: urn:content-classes:message
> Date: Tue, 31 Aug 2010 17:48:33 -0700
> Subject: [FILTERED] Welcome to the TrustKeeper PCI DSS Compliance 
Program
> Thread-Topic: [FILTERED] Welcome to the TrustKeeper PCI DSS Compliance
> Program
> Thread-Index: ActJb1JL8etJMiuKR3yN/ydOPzhWdg==
> Message-ID: <380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local<
mailto:380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local>>
> List-Unsubscribe:
> <
mailto:leave-fca51c777c610d7d1a4c342838-fe251c767764027e731077-fe6415747460077c7d11-fef91375756307-ffc...@leave.communications.trustwave.com
>
> Reply-To: Trustwave
> 
<reply-fe6415747460077c7d11-879590_html-862063647-7507...@communications.trustwave.com>
> Accept-Language: en-US
> Content-Language: en-US
> X-MS-Exchange-Organization-AuthAs: Anonymous
> X-MS-Exchange-Organization-AuthSource: cjm-exch1.TheCJM.lan
> X-MS-Has-Attach:
> X-Auto-Response-Suppress: DR, OOF, AutoReply
> X-MS-Exchange-Organization-SCL: 9
> X-MS-TNEF-Correlator:
> x-assp-delay: not delayed (gripvalue low: 0.12); 31 Aug 2010 17:52:31 
-0700
> x-assp-spam: YES
> x-assp-spam-reason: MessageScore passed low limit
> dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=200608;
> d=communications.trustwave.com;
> 
h=From:To:Subject:Date:List-Unsubscribe:MIME-Version:Reply-To:Message-ID:Content-Type:Content-Transfer-Encoding;
> i=em...@communications.trustwave.com<
mailto:i=em...@communications.trustwave.com>; 
bh=B6gxA/9SZFGUgHR1Lai21kKsmjo=;
> 
b=wA+6A7SuzemZNTiiHQzCwY981V4rljahKmesPaLshlSrjrZ/8ZaZu6GxGFKg4qM+k2MCEAMnuudZ
> 
jsaGddQnMuf4cWRAnQZ3qKNEkIRmMtJqWksOOtQDtw168VfsoRMsGLLKcAFbmUixCgKlXr9+0IEM
> PyKhUeM4kxRDUvqmLKU=
> x-spam-status: yes
> x-job: 75073_14143185
> x-assp-envelope-from:
> 
bounce-879590_html-862063647-14143185-7507...@bounce.communications.trustwave.com
> Content-Type: multipart/alternative;
> boundary="_000_380dc3a458c94e10bdb1965395b820fbxtinmta12xtlocal_"
> MIME-Version: 1.0

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************



------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test