https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8217

            Bug ID: 8217
           Summary: SpamAssassin can add UTF8 characters in mail headers
           Product: Spamassassin
           Version: 3.4.6
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: spamassassin
          Assignee: dev@spamassassin.apache.org
          Reporter: s...@webpros.com
  Target Milestone: Undefined

If an email message is sent that contains UTF8 characters, the Content preview
can add them to the headers of the message, preventing the email from being
processed.

SMTP error from remote mail server after end of data:
550 5.6.0 Message blocked due to illegal UTF-8 header encoding

Create a message.txt file with the Ä character in the body:

--- 
MIME-Version: 1.0
Date: Tue, 20 Feb 2024 15:03:28 +0000
From: t...@domain.tld
To: t...@domain.tld
Subject: NOK
User-Agent: Roundcube Webmail/1.6.0
Message-ID: <4a9986554b9ab439c6b9e103ac311...@domain.tld>
X-Sender: t...@domain.tld
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit

Ä
---

spamassassin -t < message.txt 
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server.cptest.tld
X-Spam-Level: **
X-Spam-Status: No, score=3.0 required=5.0 tests=BODY_SINGLE_WORD,
        DKIM_ADSP_NXDOMAIN,KAM_DMARC_STATUS,PYZOR_CHECK,SCC_BODY_SINGLE_WORD,
        T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=no autolearn_force=no
        version=3.4.6
MIME-Version: 1.0
Date: Tue, 20 Feb 2024 15:03:28 +0000
From: t...@domain.tld
To: t...@domain.tld
Subject: NOK
User-Agent: Roundcube Webmail/1.6.0
Message-ID: <4a9986554b9ab439c6b9e103ac311...@domain.tld>
X-Sender: t...@domain.tld
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit

Ä
Spam detection software, running on the system "server.cptest.tld",
has NOT identified this incoming email as spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
root\@localhost for details.

Content preview:  Ä 

Content analysis details:   (3.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.8 DKIM_ADSP_NXDOMAIN     No valid author signature and domain not in
                            DNS
 2.0 PYZOR_CHECK            Listed in Pyzor
                            (https://pyzor.readthedocs.io/en/latest/)
 0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                            Alignment
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 SCC_BODY_SINGLE_WORD   Message body seems like one word
 0.2 BODY_SINGLE_WORD       Message body is only one word (no spaces)


Note that Content preview: Ä is shown, which is invalid for email headers
(RFC6532?)

https://datatracker.ietf.org/doc/html/rfc6532#section-3.2

This will cause MTAs to fail with errors similar to the following:

    SMTP error from remote mail server after end of data:
    550 5.6.0 Message blocked due to illegal UTF-8 header encoding
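
A pre-delivery check for the condition the remote MTA rejected above, raw 8-bit bytes in the header block, written as an added example that is not part of the original report and is not SpamAssassin code. The sample message is constructed: placing the preview text in an X-Spam-Report header is an assumption, and RFC 2047 encoding is shown as one ASCII-safe form, not as the project's fix.

```python
import re
from email.header import Header

# Constructed sample: the header names are real, the X-Spam-Report value is an
# assumption about where the preview text lands. \xc3\x84 is UTF-8 for "Ä".
SAMPLE = (
    b"X-Spam-Checker-Version: SpamAssassin 3.4.6\r\n"
    b"X-Spam-Report: Content preview:  \xc3\x84\r\n"
    b"Subject: NOK\r\n"
    b"Content-Type: text/plain; charset=UTF-8;\r\n"
    b" format=flowed\r\n"
    b"\r\n"
    b"\xc3\x84\r\n"
)

def header_fields(raw: bytes) -> list[bytes]:
    """Unfolded header fields: everything before the first empty line."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    fields: list[bytes] = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] += b" " + line.strip()  # folded continuation line
        else:
            fields.append(line)
    return fields

def find_8bit_headers(raw: bytes) -> list[tuple[str, bytes]]:
    """(name, value) of each header field holding a byte above 0x7F."""
    hits = []
    for field in header_fields(raw):
        if any(byte > 0x7F for byte in field):
            name, _, value = field.partition(b":")
            hits.append((name.decode("ascii", "replace"), value.strip()))
    return hits

def encode_rfc2047(value: bytes) -> str:
    """ASCII-only encoded-word form of a UTF-8 header value."""
    return Header(value.decode("utf-8"), charset="utf-8").encode()

if __name__ == "__main__":
    for name, value in find_8bit_headers(SAMPLE):
        print(f"{name}: raw 8-bit bytes {value!r}")
        print(f"  ASCII-safe form: {name}: {encode_rfc2047(value)}")
```

The 8-bit body line is not flagged, because `Content-Transfer-Encoding: 8bit` covers the body only; the check looks solely at the header block.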
