http://bugzilla.spamassassin.org/show_bug.cgi?id=3605





------- Additional Comments From [EMAIL PROTECTED]  2004-10-24 03:15 -------
From Theo Van Dinter  2004-07-15 12:29
> ie: we use "X-Spam-Prev-Header:" to specify the original header content, and
> upon stripping the markup, we simply delete "Header" and rename
> "X-Spam-Prev-Header" appropriately.
>
> so then I thought about just adding "X-Spam-Create-Header", or something, and
> when we see that during the strip process, just delete it and "Header".  but
> then I figured that was too easy to fake in a message.
>
> but in conversing more about it, we can't protect the faking thing anyway
> using 'Prev' and such, so why do I worry about 'Create'?

As long as the header is uniqued to something the sender doesn't know about, it
can't be faked.

X-Spam-_HOSTNAME_-Created-Header
X-Spam-_HOSTNAME_-Prev-Header

To determine if they were added by the recipient's invocation of SpamAssassin you
would compare the headers to the hostname found in X-Spam-Checker-Version.

Of course that only works if the X-Spam-Checker-Version header exists, which it
may not when called from certain milters, etc.  In that case we're out of luck
anyway, since we don't know what is going to be added.

If the SpamAssassin call, via a milter, sees the received header added by the
server that it is running on, we can use the digits from that received header's
date (with or without the time zone) joined with a dot or dash to a count of the
number of headers currently in the message and use that as the unique token in
place of _HOSTNAME_ above.  If we can't see the local system's received header
we can't do any of the following.

eg. currently 15 received headers are in the message and the LOCAL SERVER's
received header date is Sun, 24 Oct 2004 05:56:24 -0400

X-Spam-242004055624-15-Created-Header
X-Spam-242004055624-15-Prev-Header

To prevent forgery by adding these headers based on an earlier received header
we add one additional uniqued header to messages that already have these faked
unique headers.  We use the same scheme to generate the unique number.

eg. Message comes in with the following header (which matches the date in the 14th
header):

X-Spam-242004055021-14-Created-Header

we add:

X-Spam-242004055624-15-Unique-Header
       dddddddddddd-dd


To remove markup later we do the following:

1. Scan the message for (many) X-Spam-dddddddddddd-dd-Unique-Header.
   Sort them in descending order by the number of headers (last -dd).
   The "unique-header" with the highest -dd value that is valid (against that
   received header's date) wins.  From now on we only pay attention to
   "unique-headers" with the same -dd value.

2. Remove this "unique-header" from the message.  We added it.  Leave the rest.

3. Look for other "unique-headers" matching the -dd value.
   Reverse whatever action that header signifies.  Remove it, we added it.

In the easier case where there were no existing fake "unique-headers" when we
first scanned the message, we can assume that all "unique-headers" are valid and
act on them accordingly, then remove them.  There will be no header as seen in #1
above since we don't bother adding it since it wouldn't be useful.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
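
The token scheme and the three removal steps from the comment above, as an added sketch that is not part of the original bug comment and is not SpamAssassin code (Python here, not the project's Perl). Assumptions: headers arrive as a top-to-bottom list of (name, value) pairs, the time zone is dropped from the date, the count is the number of Received headers, Prev/Created behave as in the quoted text, and the names `token`, `strip_markup` and `SAMPLE` are hypothetical.

```python
import re

MARK = re.compile(r"X-Spam-(\d+-(\d+))-(Unique|Created|Prev)-(.+)", re.I)

def token(received_value, count):
    """Digits of the Received date (time zone dropped) + '-' + Received count."""
    date = received_value.rsplit(";", 1)[-1].strip()
    date = re.sub(r"\s[+-]\d{4}\b.*$", "", date)
    return "".join(re.findall(r"\d", date)) + f"-{count}"

def strip_markup(headers):
    """headers: list of (name, value), top to bottom. Returns the cleaned list."""
    received = [v for n, v in headers if n.lower() == "received"][::-1]  # oldest first
    valid = {token(v, i) for i, v in enumerate(received, 1)}
    marks = [MARK.fullmatch(n) for n, _ in headers]
    uniq = [m for m in marks if m and m[3].lower() == "unique" and m[1] in valid]
    if uniq:  # step 1: the valid Unique-Header with the highest count wins
        trusted = {max(uniq, key=lambda m: int(m[2]))[1]}
    else:     # easier case from the comment: no Unique-Header, trust all markers
        trusted = {m[1] for m in marks if m}
    touched = {m[4].lower() for m in marks
               if m and m[1] in trusted and m[3].lower() != "unique"}
    out = []
    for (name, value), m in zip(headers, marks):
        if m and m[1] in trusted:
            if m[3].lower() == "prev":
                out.append((m[4], value))  # step 3: restore the original content
            continue                       # steps 2-3: drop markers we added
        if not m and name.lower() in touched:
            continue                       # drop the created or rewritten header
        out.append((name, value))          # markers with other tokens are left alone
    return out

# Constructed sample: two Received headers; the local server added the top one.
SAMPLE = [
    ("Received", "from mx by local; Sun, 24 Oct 2004 05:56:24 -0400"),
    ("X-Spam-242004055624-2-Unique-Header", "1"),
    ("X-Spam-242004055624-2-Prev-Subject", "hello"),
    ("Subject", "[SPAM] hello"),
    ("X-Spam-242004055624-2-Created-X-Spam-Flag", "1"),
    ("X-Spam-Flag", "YES"),
    ("Received", "from a by mx; Sun, 24 Oct 2004 05:50:21 -0400"),
    ("X-Spam-242004055021-1-Created-X-Priority", "1"),  # arrived with the message
    ("X-Priority", "1"),
    ("From", "sender@example.com"),
]

if __name__ == "__main__":
    print(*strip_markup(SAMPLE), sep="\n")
```

On the sample, the Subject is restored to "hello" and X-Spam-Flag is removed, while the marker carrying the earlier Received header's token and its X-Priority header pass through unchanged.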
