You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/06/13 14:23:06 UTC

[Bug 6807] New: TVD_RCVD_SINGLE regex line

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6807

          Priority: P2
            Bug ID: 6807
          Assignee: dev@spamassassin.apache.org
           Summary: TVD_RCVD_SINGLE regex line
          Severity: normal
    Classification: Unclassified
                OS: Windows XP
          Reporter: stoked10@hotmail.com
          Hardware: PC
            Status: NEW
           Version: unspecified
         Component: Rules
           Product: Spamassassin

RFCs (1034 and 1035) 
http://tools.ietf.org/html/rfc1034
http://tools.ietf.org/html/rfc1035

state that a domain name can consist of lower and upper case characters and
that it is to be case insensitive. However TVD_RCVD_SINGLE in 72_active.cf only
checks for all lower case domain names:

header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-z0-9-]+\s/

I believe it should be:

header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-zA-Z0-9-]+\s/

There's probably more that this change should be expanded to, this is just the
one that I see hitting alot. Please advise if I missed the mark here or if this
is done for a specific reason.

Thanks!

-Jake

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6807] TVD_RCVD_SINGLE regex line

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6807

Mark Martinec <Ma...@ijs.si> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.4.0

--- Comment #2 from Mark Martinec <Ma...@ijs.si> ---
> header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-zA-Z0-9-]+\s/

Btw, this rule only applies to the topmost Received header field
(because it uses the ^ anchor but is missing an /m flag), i.e. it only
applies to the Received field added by our own MTA in some setups.
I doubt that was the intention, I guess it should be processing
all Received header fields.

There are a couple of other similar rules using ^ or $ anchors
for a header field that can appear multiple times in a header,
but are missing the /m regexp modifier flag:

20_ratware.cf:

header RATWARE_RCVD_PF Received =~ / \(Postfix\) with ESMTP id [^;]+\; \S+ \d+
\S+ \d+ \d+:\d+:\d+ \S+$/s

72_active.cf:

header TVD_RCVD_IP Received =~ /^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]/
header TVD_RCVD_IP4 Received =~ /^from\s+(?:\d+\.){3}\d+\s/
header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-z0-9-]+\s/
header __FSL_HELO_USER_2 Received =~ /from User(?:\s+by|\s*\(|$)/i

Should these be fixed?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6807] TVD_RCVD_SINGLE regex line

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6807

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgrail@pccc.com
   Target Milestone|3.4.0                       |---

--- Comment #3 from Kevin A. McGrail <km...@pccc.com> ---
This is a discussion about a Rules which doesn't appear to require a target
milestone.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6807] TVD_RCVD_SINGLE regex line

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6807

--- Comment #1 from Mark Martinec <Ma...@ijs.si> ---
> state that a domain name can consist of lower and upper case characters and
> that it is to be case insensitive. However TVD_RCVD_SINGLE in 72_active.cf
> only checks for all lower case domain names:
> header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-z0-9-]+\s/
> I believe it should be:
> header TVD_RCVD_SINGLE Received =~ /^from\s+(?!localhost)[^\s.a-zA-Z0-9-]+\s/

You are right about case insensitivity of domain names.
But RFC 5321 also states that EHLO name should be a FQDN
or an address literal:

  The domain name given in the EHLO command MUST be either a primary
  host name (a domain name that resolves to an address RR) or, if
  the host has no name, an address literal

So even if a domain name is all capitals, it should contain
at least one dot, thus saving it from the TVD_RCVD_SINGLE rule.

> There's probably more that this change should be expanded to, this is just
> the one that I see hitting alot. Please advise if I missed the mark here or
> if this is done for a specific reason.

The rule is inexact one way or another. I don't know good does it do
in Q&A tests. The problem would be if a perfectly valid Received header
field would fire it, but apparently this is not the case.

-- 
You are receiving this mail because:
You are the assignee for the bug.