-- On 02/26/14 14:02:08 +0100, Wolfgang Breyha wrote:
Jan Ingvoldstad wrote, on 26/02/14 13:45:
Perhaps it would be relevant to check for other byte order marks as well:
http://en.wikipedia.org/wiki/Byte_order_mark#Representations_of_byte_order_marks_by_encoding
I crosschecked with my cyrus logs ("invalid header characters") meanwhile
and blocking only the UTF8 BOM seems to catch them all upfront. It looks
like a broken script spamming from several hacked webhosts.
Currently I use

    # check for UTF-8 BOM (coming from SPAM)
    warn condition   = ${if match{$message_headers_raw}{\N\xEF\xBB\xBF\N}}
         control     = freeze/no_tell
         log_message = BOM detected

to get some more samples.
Will change that to

    deny condition   = ${if match{$message_headers_raw}{\N\xEF\xBB\xBF\N}}
         message     = Headers contain illegal BOM
         log_message = BOM detected

later.
Hi,
that's a good idea. Thanks a lot.
But nevertheless it might be a good idea to block 8 bit characters in
header names via an ACL test as even RFC 6532 does not allow that.
Michael
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
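
Both checks discussed in this thread (the UTF-8 BOM match and the suggested test for 8-bit characters in header names) can be tried offline against saved samples before turning the ACL from warn into deny. The script below is an added example, not code from the thread or from Exim; the function names and the three sample messages are constructed for illustration, and the field-name rule used is the RFC 5322 one (printable US-ASCII except the colon).

```python
import re

UTF8_BOM = b"\xef\xbb\xbf"
# RFC 5322 field name: printable US-ASCII (33-126) except ":" (58).
FIELD_NAME = re.compile(rb"^[\x21-\x39\x3b-\x7e]+$")


def header_block(raw):
    """Return the header section: everything before the first empty line."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw[:m.start()] if m else raw


def check_headers(raw):
    """Return a list of findings for the header section of a raw message."""
    findings = []
    headers = header_block(raw)
    # Same test as the ACL condition: BOM bytes anywhere in the raw headers.
    if UTF8_BOM in headers:
        findings.append("UTF-8 BOM in headers")
    for line in re.split(rb"\r?\n", headers):
        if not line or line[:1] in b" \t":
            continue  # folded continuation line, part of the previous field
        name, sep, _ = line.partition(b":")
        if not sep:
            findings.append("line without field name: %r" % line[:20])
        elif not FIELD_NAME.match(name.rstrip(b" \t")):
            # Catches 8-bit bytes (and a leading BOM) in the header name.
            findings.append("illegal field name: %r" % name)
    return findings


# Constructed samples, not taken from real traffic.
SPAM = b"\xef\xbb\xbfFrom: a@example.org\r\nSubject: hi\r\n\r\nbody\r\n"
EIGHTBIT = b"X-Caf\xc3\xa9: 1\r\nTo: b@example.org\r\n\r\nbody\r\n"
CLEAN = (b"From: a@example.org\r\nSubject: =?utf-8?q?caf=C3=A9?=\r\n"
         b" folded\r\n\r\n\xef\xbb\xbfBOM only in body\r\n")

if __name__ == "__main__":
    for label, msg in (("spam", SPAM), ("8bit", EIGHTBIT), ("clean", CLEAN)):
        print(label, check_headers(msg))
```

A BOM that appears only in the body, as in the third sample, is not reported, which matches an ACL that inspects $message_headers_raw only.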