[M-CVS] CVS: M/src/modules Filters.cpp,1.130,1.131

Wed, 11 Sep 2002 06:57:33 -0700 

Update of /cvsroot/mahogany/M/src/modules
In directory usw-pr-cvs1:/tmp/cvs-serv3947/src/modules

Modified Files:
        Filters.cpp 
Log Message:
reduce the number of false positives from "Received:" header spam test

Index: Filters.cpp
===================================================================
RCS file: /cvsroot/mahogany/M/src/modules/Filters.cpp,v
retrieving revision 1.130
retrieving revision 1.131
diff -b -u -2 -r1.130 -r1.131
--- Filters.cpp 8 Sep 2002 19:23:11 -0000       1.130
+++ Filters.cpp 11 Sep 2002 14:21:39 -0000      1.131
@@ -2028,11 +2028,32 @@
 static bool CheckReceivedHeaders(const String& value)
 {
-   // "Received: from unknown" is very suspicious
-   const char *pc = strstr(value, "from unknown");
+   static const char *FROM_UNKNOWN_STR = "from unknown";
+   static const size_t FROM_UNKNOWN_LEN = strlen(FROM_UNKNOWN_STR);
+
+   // "Received: from unknown" is very suspicious, especially if it appears in
+   // the last "Received:" header, i.e. the first one in chronological order
+   const char *pc = strstr(value, FROM_UNKNOWN_STR);
    if ( !pc )
       return false;
 
    // it should be in the beginning of the header line
-   return pc == value.c_str() || *(pc - 1) == '\n';
+   if ( pc != value.c_str() && *(pc - 1) != '\n' )
+      return false;
+
+   // and it should be the last Received: header -- unfortunately there are
+   // sometimes "from unknown" warnings for legitimate mail so we try to reduce
+   // the number of false positives by checking the last header only as this is
+   // normally the only one which the spammer directly controls
+   pc = strstr(pc + FROM_UNKNOWN_LEN, "\r\n");
+   if ( !pc )
+   {
+      // the header must always be "\r\n" terminated anyhow!
+      FAIL_MSG( "no \"\\r\\n\" at the end of header?" );
+
+      return false;
+   }
+
+   // and there shouldn't be any more lines after this one
+   return !pc[2];
 }
 



-------------------------------------------------------
In remembrance
www.osdn.com/911/
_______________________________________________
Mahogany-cvsupdates mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mahogany-cvsupdates

Reply via email to