On Thu, 2006-06-29 at 09:04 -0600, Chris Carey wrote: > I received a spam message today that the subject line was not tagged. > Investigating the header I found why. > > "Subject" was specified twice. MIMEDefang only modifed the first "Subject" > line. > > MIMEDefang modified the *first* subject with "[spam 15 hits]", but the > second remained unchanged. Mozilla Thunderbird chose to use the second > unchanged subject line as the one to show. Having "Subject" twice in > the email headers seems to be a way to get spam to arrive in someones > inbox without client-side rules catching it.. > > So the obvious question - How to have MIMEDefang catch when Subject is > specified twice (or more) in the header?
so thats why you should never trust your input data. how to prevent ? remove existing X-Spam headers input your X-Spam header (Yes/No/Score...) filter on these lines ;) Kind regards Michael Lang > > -- > Chris Carey > _______________________________________________ > NOTE: If there is a disclaimer or other legal boilerplate in the above > message, it is NULL AND VOID. You may ignore it. > > Visit http://www.mimedefang.org and http://www.roaringpenguin.com > MIMEDefang mailing list [email protected] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang -- Michael Lang <[EMAIL PROTECTED]> _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
