On Sun, 5 Jun 2005, Damian Menscher wrote:
Assuming the problem really is due to not using a FQDN, this might still be
worth fixing in clamav-milter, since it can affect others (even those with
proper setups) as well. Here is the offending code:
ptr = strstr(privdata->from, me);
if(ptr && (ptr != privdata->from) && (*--ptr == '@')) {
logg("Rejected email falsely claiming to be from %s\n",
privdata->from);
smfi_setreply(ctx, "554", "5.7.1", _("You have claimed to be from me,
but you are not"));
broadcast(_("Forged local address detected"));
clamfi_cleanup(ctx);
return SMFIS_REJECT;
}
In your case, me is "net" and privdata->from is "[EMAIL PROTECTED]". So the
strstr() call returns a pointer to "netzero.net". We then have:
if(ptr && (ptr != privdata->from) && (*--ptr == '@')) {
ptr is set it doesn't equal from and the preceeding char is @
So you'll end up rejecting anything coming from @netscape, @netflix, and
plenty of other domains too. :)
I'll leave it to the real programmers to write a patch (they may just say to
set your hostname properly, but I think it would still be a problem if, for
example, the admin of mail.com wanted to receive email from people at
mail.com.fr). My suggestion would be to use strcasecmp() to compare the
strings as was done elsewhere in the code.
Ok, I lied. I'm attaching my suggestion for a patch. I've confirmed
that it compiles, but haven't tested that it behaves in a reasonable
way, or is portable, or anything like that. (Sorry, but my time and
skills are both limited.)
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
--- clamav-milter.c
+++ clamav-milter.c
@@ -2030,12 +2030,14 @@
if(detect_forged_local_address && !isLocalAddr(inet_addr(remoteIP))) {
#endif
char me[MAXHOSTNAMELEN + 1];
+ struct hostent *fqme;
if(gethostname(me, sizeof(me) - 1) < 0) {
logg("^clamfi_connect: gethostname failed\n");
return SMFIS_CONTINUE;
}
- if(strcasecmp(hostname, me) == 0) {
+ fqme = gethostbyname(me);
+ if(strcasecmp(hostname, fqme->h_name) == 0) {
logg("Rejected email falsely claiming to be from
here\n");
smfi_setreply(ctx, "550", "5.7.1", _("You have claimed
to be me, but you are not"));
broadcast(_("Forged local address detected"));
@@ -2289,14 +2291,16 @@
if(detect_forged_local_address && privdata->from &&
(!privdata->sender) && !isWhitelisted(privdata->from)) {
char me[MAXHOSTNAMELEN + 1];
+ struct hostent *fqme;
const char *ptr;
if(gethostname(me, sizeof(me) - 1) < 0) {
logg("^clamfi_eoh: gethostname failed\n");
return SMFIS_CONTINUE;
}
- ptr = strstr(privdata->from, me);
- if(ptr && (ptr != privdata->from) && (*--ptr == '@')) {
+ fqme = gethostbyname(me);
+ ptr = strstr(privdata->from, fqme->h_name);
+ if(ptr && (*--ptr == '@') && (strcasecmp(privdata->from,
fqme->h_name) == 0)) {
logg("Rejected email falsely claiming to be from %s\n",
privdata->from);
smfi_setreply(ctx, "554", "5.7.1", _("You have claimed
to be from me, but you are not"));
broadcast(_("Forged local address detected"));
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
