Re: [exim] non-address header syntax checking

Thu, 24 Aug 2006 03:09:36 -0700 

On Wed, 23 Aug 2006 11:21:12 +0200 "Michael Fischer v. Mollard" 
<[EMAIL PROTECTED]> wrote:

> 
> 
> -- On Tuesday, August 22, 2006 17:19:14 +0100 Chris Lightfoot wrote:
> 
> > On Tue, Aug 22, 2006 at 05:14:26PM +0100, Phil Chambers wrote:
> >     [...]
> >> However, the messages which are being rejected have non-ASCII in the
> >> header  names (the part before the colon - RFC2822 calls them field
> >> names), which makes  it more problematic. I really would prefer to
> >> reject these messages at the DATA  phase. Any ideas?
> >
> > see <[EMAIL PROTECTED]> from earlier
> > today, which suggests,
> >
> >      # header field name with 8-bit char
> >     deny    message = Your message contains invalid headers
> >             log_message = message header 8-bit
> >             condition = ${if match{$message_headers}{(?im)^[^:
> > ]*[\x80-\xFF]+[^:]*:}{1}{0}}
> >
> 
> This has problems with wrapped subject lines - maybe
> 
>   condition =     ${if match{$message_headers}{(?m)^[^: 
> \t]+[\x80-\xFF]+[^:]*:}{1}{0}}
> 
> would be safer.
> 
> Allways be careful with regexps, as they might math more than you expect. 
> For the current anoying spam a
> 
>   condition   = ${if 
> match{$message_headers}{(?im)^[\x80-\xFF]+Message-ID:}{1}{0}}
> 
> is sufficient.
> 
> Michael

Thanks very much for the suggestions. I am going with:

  condition   = ${if match{$message_headers} \
                          {\N(?m)^[^:\s]*[\x80-\xFF]+[^:]*:\N} {yes}{no}}

(Note the \N...\N wrapping which is needed and I am allowing for continuation 
lines with \s.) I am tempted to try restricting to \x21-\x35,\x37-\x7e which is 
what RFC2822 gives as valid for field names.

I am using "warn" at the moment and taking copies. I will run that way for a 
while to see if I get false positives. I will also take a look to see if I get 
any false positives with 8-bit anywhere in the header.

Phil.
---------------------------------------
Phil Chambers ([EMAIL PROTECTED])
University of Exeter




-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to