[Bug 5227] Enhancement: Create a plugin to catch hosts trying to helo as me

bugzilla-daemon Wed, 20 Dec 2006 01:52:26 -0800

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5227



[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #3794 is|0                           |1
           obsolete|                            |




------- Additional Comments From [EMAIL PROTECTED]  2006-12-20 01:52 -------
Created an attachment (id=3796)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3796&action=view)
Detect HELO-forgery as "myself" (revised 1)

Change:

Line 206ff: If the potentially attacker-specified HELO string contains regex
metachars (eg "?"), we would receive errors or open an attack vector. Therefore
we skip the test if HELO contains anything but characters legal for a domain
(a-z0-9, ., -).

Also added a "Security Consideration" section to the POD doc.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 5227] Enhancement: Create a plugin to catch hosts trying to helo as me

Reply via email to