Re: [courier-users] Subtle header modification PATCH
On Fri 14/Dec/2012 13:03:50 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: On Fri 14/Dec/2012 01:01:23 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: From: u...@example.com To: l...@example.org get changed to: From: u...@example.com To: l...@example.org After looking a bit closer at the code, I think I could try a patch, next week, say. How about NOADDRTRANSCRIBE? Try it; not sure about the name, NOADDRREWRITE sounds better. On 17.12.12 19:40, Alessandro Vesely wrote: I see no other reason than DKIM signatures to avoid rewriting those lines. as long as I've been maintaining spam filters, I think rewriting mail should be done only if it's really a MUST. Any rewriting makes spam detecting harder... just my $.02 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you. -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Subtle header modification PATCH
Matus UHLAR - fantomas wrote on 22.12.2012 20:06: On Fri 14/Dec/2012 13:03:50 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: On Fri 14/Dec/2012 01:01:23 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: From: u...@example.com To: l...@example.org get changed to: From: u...@example.com To: l...@example.org After looking a bit closer at the code, I think I could try a patch, next week, say. How about NOADDRTRANSCRIBE? Try it; not sure about the name, NOADDRREWRITE sounds better. On 17.12.12 19:40, Alessandro Vesely wrote: I see no other reason than DKIM signatures to avoid rewriting those lines. as long as I've been maintaining spam filters, I think rewriting mail should be done only if it's really a MUST. Any rewriting makes spam detecting harder... just my $.02 +$0.5. I'd consider including variable totally suppressing any rewriting. MIME=none unfortunately isn't sufficient. -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Subtle header modification PATCH
On Fri 14/Dec/2012 13:03:50 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: On Fri 14/Dec/2012 01:01:23 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: From: u...@example.com To: l...@example.org get changed to: From: u...@example.com To: l...@example.org After looking a bit closer at the code, I think I could try a patch, next week, say. How about NOADDRTRANSCRIBE? Try it; not sure about the name, NOADDRREWRITE sounds better. Sure, I just tried to avoid a the double 'R'... I see no other reason than DKIM signatures to avoid rewriting those lines. The assumption that zdkimfilter makes, that incoming mail can be signed while outgoing mail is not, does not have to be true in general. For example, a relay can use a smarthost with SMTP AUTH and submit DKIM-signed mail. So I allowed three values to NOADDRREWRITE: never, always, and depending on the presence of a signature. I tested submission works as expected. I also patched esmtpd*.dist, but did not test install-configure, nor the web config. For readability, the large hunk that ends the patch, @@ -1811,33 +1822,40 @@, would have been two small hunks using diff -wu: @@ -1811,6 +1822,12 @@ headername == reply-to || headername == sender) { + // The signature SHOULD be prepended to the message. + + if (noaddrrewrite 1) +noaddrrewrite = 0; + if (!noaddrrewrite) + { char *errmsg; char *new_header=rw_rewrite_header(mf-module, header.c_str(), @@ -1839,6 +1856,7 @@ free(new_header); header += '\n'; } + } if (headername == from !bofh_checkspf(BOFHSPFFROM, off, off)) { Is that ok? -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Subtle header modification PATCH
This time with the patch... On Fri 14/Dec/2012 13:03:50 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: On Fri 14/Dec/2012 01:01:23 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: From: u...@example.com To: l...@example.org get changed to: From: u...@example.com To: l...@example.org After looking a bit closer at the code, I think I could try a patch, next week, say. How about NOADDRTRANSCRIBE? Try it; not sure about the name, NOADDRREWRITE sounds better. Sure, I just tried to avoid a the double 'R'... I see no other reason than DKIM signatures to avoid rewriting those lines. The assumption that zdkimfilter makes, that incoming mail can be signed while outgoing mail is not, does not have to be true in general. For example, a relay can use a smarthost with SMTP AUTH and submit DKIM-signed mail. So I allowed three values to NOADDRREWRITE: never, always, and depending on the presence of a signature. I tested submission works as expected. I also patched esmtpd*.dist, but did not test install-configure, nor the web config. For readability, the large hunk that ends the patch, @@ -1811,33 +1822,40 @@, would have been two small hunks using diff -wu: @@ -1811,6 +1822,12 @@ headername == reply-to || headername == sender) { + // The signature SHOULD be prepended to the message. + + if (noaddrrewrite 1) +noaddrrewrite = 0; + if (!noaddrrewrite) + { char *errmsg; char *new_header=rw_rewrite_header(mf-module, header.c_str(), @@ -1839,6 +1856,7 @@ free(new_header); header += '\n'; } + } if (headername == from !bofh_checkspf(BOFHSPFFROM, off, off)) { Is that ok? --- ./courier/module.local/localmail.orig.c 2012-04-22 16:05:29.0 +0200 +++ ./courier/module.local/localmail.c 2012-12-17 16:26:12.0 +0100 @@ -319,8 +319,9 @@ static const char *envvars[]={ DSNNOTIFY, DSNRET, - NOADDATE, + NOADDDATE, NOADDMSGID, + NOADDRREWRITE, MIME, 0}; --- ./courier/doc/layout.orig.html 2011-04-04 16:47:58.0 +0200 +++ ./courier/doc/layout.html 2012-12-17 16:41:08.0 +0100 @@ -228,6 +228,10 @@ pcodeNOADDDATE/code - if set, submit will not add a codeDate:/code header, if the message doesn't have it./p + pcodeNOADDRREWRITE/code - if set, submit will not rewrite any + codeFrom:/code, codeTo:/code, and codeCc:/code header, or check + whether the message has a codeDKIM-Signature:/code before doing so./p + pcodeSIZELIMIT/code - maximum size of a message in bytes. Larger messages are rejected. If this environment variable is not set, emCourier/em will read the codecontrol/sizelimit/code file. --- ./courier/doc/submit.orig.html.in 2012-04-21 04:12:09.0 +0200 +++ ./courier/doc/submit.html.in2012-12-17 16:51:11.0 +0100 @@ -160,7 +160,13 @@ code class=literalMessage-Id:/code header to the message, if it does not have it. If this environment variable is set, the span class=applicationCourier/span mail server will not add a -code class=literalMessage-Id:/code header./p/dddtspan class=termMIME/span/dtddp +code class=literalMessage-Id:/code header./p/dddtspan class=termNOADDRREWRITE/span/dtddp +Normally the span class=applicationCourier/span mail server rewrites addresses in the +code class=literalFrom:/code, code class=literalTo:/code, code class=literalCc:/code header fields. +If this environment variable is set to code class=literal1/code, the +span class=applicationCourier/span mail server will not rewrite them. If it is set to a higher value, +the span class=applicationCourier/span mail server will only rewrite it if no +code class=literalDKIM-Signature:/code header field was found./p/dddtspan class=termMIME/span/dtddp Normally the span class=applicationCourier/span mail server adds any missing RFC2045 headers to the message. The code class=envarMIME/code environment variable --- ./courier/module.esmtp/esmtpd-ssl.orig.dist.in 2012-06-22 14:20:44.0 +0200 +++ ./courier/module.esmtp/esmtpd-ssl.dist.in 2012-12-17 16:36:10.0 +0100 @@ -65,6 +65,13 @@ NOADDDATE=1 +##NAME: NOADDRREWRITE:0 +# +# Don't rewrite To:, From:, and Cc: headers. Set to 2 in order to omit +# rewriting them only if there is a DKIM-Signature. + +NOADDRREWRITE=0 + ##NAME: ESMTP_LOG_DIALOG:0 # # If set, log the esmtp dialog. --- ./courier/module.esmtp/esmtpd.orig.dist.in 2011-04-11 13:01:33.0 +0200 +++ ./courier/module.esmtp/esmtpd.dist.in 2012-12-17 16:35:51.0 +0100 @@ -72,6 +72,13 @@ NOADDDATE=1 +##NAME: NOADDRREWRITE:0 +# +# Don't rewrite To:, From:, and Cc: headers. Set to 2 in order to omit +# rewriting them only if there is a DKIM-Signature. +
Re: [courier-users] Subtle header modification PATCH
Alessandro Vesely writes: For readability, the large hunk that ends the patch, @@ -1811,33 +1822,40 @@, would have been two small hunks using diff -wu: @@ -1811,6 +1822,12 @@ headername == reply-to || headername == sender) { + // The signature SHOULD be prepended to the message. + + if (noaddrrewrite 1) +noaddrrewrite = 0; + if (!noaddrrewrite) + { char *errmsg; char *new_header=rw_rewrite_header(mf-module, header.c_str(), @@ -1839,6 +1856,7 @@ free(new_header); header += '\n'; } + } if (headername == from !bofh_checkspf(BOFHSPFFROM, off, off)) { Is that ok? That looks fairly clear. pgpU7mXeQxNkO.pgp Description: PGP signature -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Subtle header modification
On Fri 14/Dec/2012 01:01:23 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: when I receive a message with, say: From: u...@example.com To: l...@example.org those non-compliant headers get changed to: From: u...@example.com To: l...@example.org I'm unclear on where the angle bracket removal happens. The code in submit.C seems to be concerned with submission rather than reception (also because it entails a 511 Headers specify no recipients that I never saw on incoming mail.) submit.C handles all mail, but only locally-submitted mail have their headers reformatted, and not in submit.C but sendmail.c I think it happens in getrcpts(). At line 1815 I see this call: char*new_header=rw_rewrite_header(mf-module, header.c_str(), RW_HEADER|RW_SUBMIT, addresst, errmsg); That's a couple of spans above the checks for NOADDMSGID and NOADDATE. I set the former but not the latter. I attach a small test file to confirm what takes place. If there's any intermediate step in your mail path, such as maildrop or .courier forwarding the message somewhere, that can come across as a locally-submitted mail, that's subject to header rewriting. But I should get extra Received: lines such path. Header rewriting occurs in sendmail.c, which only gets invoked via the command line, or by external script. courieresmtpd.c runs submit directly, no header rewriting takes place in that path. Some does... After looking a bit closer at the code, I think I could try a patch, next week, say. How about NOADDRTRANSCRIBE? ---BeginMessage--- Below I copy the session: Trying 172.25.197.1... Connected to wmail.tana.it. Escape character is '^]'. 220 wmail.tana.it ESMTP EHLO localhost 250-wmail.tana.it Ok. 250-AUTH LOGIN CRAM-MD5 CRAM-SHA1 250-STARTTLS 250-XCOURIEREXTENSIONS 250-XVERP=Courier 250-XEXDATA 250-XSECURITY=NONE,STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 250 DSN MAIL FROM: 250 Ok. RCPT TO:ves...@tana.it 250 Ok. DATA 354 Ok. From: u...@example.com To: angle-addr@another.example Subject: session transcript The angles are there... ---End Message--- -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Subtle header modification
Alessandro Vesely writes: On Fri 14/Dec/2012 01:01:23 +0100 Sam Varshavchik wrote: Alessandro Vesely writes: when I receive a message with, say: From: u...@example.com To: l...@example.org those non-compliant headers get changed to: From: u...@example.com To: l...@example.org I'm unclear on where the angle bracket removal happens. The code in submit.C seems to be concerned with submission rather than reception (also because it entails a 511 Headers specify no recipients that I never saw on incoming mail.) submit.C handles all mail, but only locally-submitted mail have their headers reformatted, and not in submit.C but sendmail.c I think it happens in getrcpts(). At line 1815 I see this call: char*new_header=rw_rewrite_header(mf-module, header.c_str(), RW_HEADER|RW_SUBMIT, addresst, errmsg); That's a couple of spans above the checks for NOADDMSGID and NOADDATE. I set the former but not the latter. I attach a small test file to confirm what takes place. If there's any intermediate step in your mail path, such as maildrop or .courier forwarding the message somewhere, that can come across as a locally-submitted mail, that's subject to header rewriting. But I should get extra Received: lines such path. Header rewriting occurs in sendmail.c, which only gets invoked via the command line, or by external script. courieresmtpd.c runs submit directly, no header rewriting takes place in that path. Some does... After looking a bit closer at the code, I think I could try a patch, next week, say. How about NOADDRTRANSCRIBE? Try it; not sure about the name, NOADDRREWRITE sounds better. pgpPGL3pYh0iz.pgp Description: PGP signature -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Subtle header modification
Sam, when I receive a message with, say: From: u...@example.com To: l...@example.org those non-compliant headers get changed to: From: u...@example.com To: l...@example.org I'm unclear on where the angle bracket removal happens. The code in submit.C seems to be concerned with submission rather than reception (also because it entails a 511 Headers specify no recipients that I never saw on incoming mail.) Is there a way to avoid that modification? The problem is that fixing them breaks any DKIM signature that signed them. -- -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Subtle header modification
Alessandro Vesely writes: Sam, when I receive a message with, say: From: u...@example.com To: l...@example.org those non-compliant headers get changed to: From: u...@example.com To: l...@example.org I'm unclear on where the angle bracket removal happens. The code in submit.C seems to be concerned with submission rather than reception (also because it entails a 511 Headers specify no recipients that I never saw on incoming mail.) submit.C handles all mail, but only locally-submitted mail have their headers reformatted, and not in submit.C but sendmail.c If there's any intermediate step in your mail path, such as maildrop or .courier forwarding the message somewhere, that can come across as a locally-submitted mail, that's subject to header rewriting. Header rewriting occurs in sendmail.c, which only gets invoked via the command line, or by external script. courieresmtpd.c runs submit directly, no header rewriting takes place in that path. Is there a way to avoid that modification? The problem is that fixing them breaks any DKIM signature that signed them. Yes, well, the only thing that can be done is to eliminate any external steps in the mail path. pgpUjTS6SFV5a.pgp Description: PGP signature -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users