https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8337
--- Comment #5 from lurkertech <spamassas...@lurkertech.com> ---

OK I see. In order to benefit others looking for the same thing who happen upon this bug report by Google search...

The message from SpamAssassin's rules/10_default_prefs.cf appears to surface in exim in the form of the exim variable called "$spam_report" that exim explicitly documents might contain characters forbidden in headers (search for $spam_report):

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html

However, in the way that cpanel/WHM is configuring exim, they are creating the X-Ham-Report header using an UNESCAPED version of $spam_report (which is not only wrong but possibly a security threat, being able to insert arbitrary Unicode characters into message headers based on the contents of a message):

https://xenforo.com/community/threads/job-xf-emailunsubscribe-invalid-header-value-detected.177611/#post-1414524

(from cpanel/WHM's exim.conf, and also something you can add from WHM->exim configuration editor):

> add_header = X-Ham-Report: ${sg{$spam_report}{\N\n \n\N}{\n}}

so this is a bug in cpanel/WHM's configuration of exim.

It looks like exim has a feature made EXACTLY to solve this situation:

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html

> ${rfc2047:<string>}
> This operator encodes text according to the rules of RFC 2047. This is an
> encoding that is used in header lines to encode non-ASCII characters. It is
> assumed that the input string is in the encoding specified by the
> headers_charset option, which gets its default at build time....

But cpanel is not using it. So perhaps

> add_header = X-Ham-Report: ${rfc2047:${sg{$spam_report}{\N\n \n\N}{\n}}}

might solve the problem. But I don't have a way to test.
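
The difference between the two `add_header` lines in the comment above, sketched in Python as an added example (it is not part of the bug comment and is not exim's or cPanel's code). The sample report text and all function names are assumptions made for the illustration, and the encoder is a generic RFC 2047 "B" encoder, not a reproduction of what exim's `${rfc2047:...}` operator emits.

```python
import base64
import re

# Constructed sample standing in for exim's $spam_report (not real scanner output).
SAMPLE_REPORT = (
    "Spam detection software has scanned this message.\n \n"
    " Content preview: Gr\u00fc\u00dfe, pr\u00eat, \u4f60\u597d\n \n"
    "  pts rule name\n"
    "  0.0 HTML_MESSAGE"
)

def collapse_blank_lines(report: str) -> str:
    # Same substitution as the sg{} step quoted above: "\n \n" becomes "\n".
    return re.sub(r"\n \n", "\n", report)

def is_header_safe(value: str) -> bool:
    # Every line break must be followed by a space or tab (header folding) ...
    if re.search(r"\n(?![ \t])", value):
        return False
    # ... and every other character must be printable ASCII or a tab.
    return all(c in "\n\t" or 0x20 <= ord(c) <= 0x7E for c in value)

def rfc2047_encode(text: str) -> str:
    # UTF-8 "B" encoded-words of at most 75 characters each, split only on
    # character boundaries and joined with folding whitespace.
    prefix, suffix = "=?utf-8?B?", "?="
    max_bytes = (75 - len(prefix) - len(suffix)) // 4 * 3
    words, chunk = [], b""
    for ch in text:
        raw = ch.encode("utf-8")
        if chunk and len(chunk) + len(raw) > max_bytes:
            words.append(prefix + base64.b64encode(chunk).decode("ascii") + suffix)
            chunk = b""
        chunk += raw
    if chunk:
        words.append(prefix + base64.b64encode(chunk).decode("ascii") + suffix)
    return "\n ".join(words)

def ham_report_value(report: str, encode: bool) -> str:
    # encode=False models the unescaped header, encode=True the proposed one.
    value = collapse_blank_lines(report)
    return rfc2047_encode(value) if encode else value

if __name__ == "__main__":
    for encode in (False, True):
        value = ham_report_value(SAMPLE_REPORT, encode)
        print(f"encode={encode} header_safe={is_header_safe(value)}")
        print("X-Ham-Report:" + ("\n " if encode else " ") + value)
```
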