Re: [exim] exim4: headers check syntax?

Thu, 06 Apr 2006 02:24:01 -0700 


Hi,
thanks for the hint! I'm not using the exim-config stuff because it is a mess to me. I copied over the example config that comes along with the docs and started from there --- much easier than fumbling with exim-config, and this way, I actually know what I have configured and what not :) Also, it made (and still makes) me learn about the differences between exim3 and exim4.
Checking the headers might reject legitimate mail, but since cyrus doesn't deliver it anyway and sends out a delivery error message, it is something that could be abused by SPAMers.
I had syntax checking on the headers enabled with exim3 before and was missing it in exim4, but I didn't look into it until now that I'm seeing mail rejected due to bad headers. Nobody complained about it in the last three years :) 


The following makes cyrus happy now:



acl_check_data:

  # deny messages with invalid headers
  deny    message = Messages with invalid headers are not allowed.
          log_message   = invalid headers in message
          !verify = header_syntax

  # deny message if there are NUL characters in the message body
  deny    message   = NUL characters in the message body are not allowed.
          log_message   = 
NUL_chars%$tod_log%<$return_path>%<$recipients>%($body_zerocount)
          condition = ${if > {$body_zerocount}{0} }
[...]
Denying NUL characters may also reject legitimate mail, but I didn't like the ressource usage that might be involved with filtering all the mail for it. 


GH


Marc Haber wrote:

On Wed, 05 Apr 2006 13:57:59 +0200, listrcv <[EMAIL PROTECTED]>
in exim3, there was an option to check the syntax of mail headers (headers_check_syntax or so). 

How do I enable that with exim4?
Cyrus complains about invalid headers, so I want to check them before such mail is handed over to cyrus. Messages with invalid headers should be rejected before accepting them for not to have a possible exploit for SPAMers. 


If you are on Debian, you only need to set the macro
CHECK_DATA_VERIFY_HEADER_SYNTAX. The code is already there in the DATA
acl.

The default is off since this might reject legitimate e-mail.

Greetings
Marc




--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ 
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to