You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2007/10/12 09:58:09 UTC
[Bug 5680] New: ALL_TRUSTED fires even if X-Originating-IP is used
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
Summary: ALL_TRUSTED fires even if X-Originating-IP is used
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Libraries
AssignedTo: dev@spamassassin.apache.org
ReportedBy: mbr@freebsd.org
If the 'num_relays_untrusted count' is zero, ALL_TRUSTED
fires which shouldn't really happen.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.2.4
------- Additional Comments From jm@jmason.org 2007-10-15 09:50 -------
this shouldn't happen, alright.
however, the patch isn't safe; there's nothing guaranteeing that the eval-test
check_rbl() method will be called before the ALL_TRUSTED rule, since it's
supported that admins may use the "priority" keyword to rearrange the ordering
in which rules are evaluated. A better place to do that would be in the
message-metadata parse stage in Mail::SA::Message::Metadata::Received.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
------- Additional Comments From mbr@freebsd.org 2007-11-03 03:26 -------
Ok, looks better. But why:
+ # a synthetic header, generated internally:
+ # Received: X-Originating-IP: 1.2.3.4
+ if (/^X-Originating-IP: (\S+)$/) {
+ $ip = $1; $by = ''; goto enough;
+ }
Shouldn't that be:
+ # a synthetic header, generated internally:
+ # Received: X-Originating-IP: 1.2.3.4
+ if (/^X-(?:Originating-IP|Yahoo-Post-IP|Apparently-From|SenderIP): (\S+)$/) {
+ $ip = $1; $by = ''; goto enough;
+ }
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
mbr@freebsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4155 is|0 |1
obsolete| |
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
sidney@sidney.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|needs 1 votes for 3.2 |ready for commit to 3.2
| |branch
------- Additional Comments From sidney@sidney.com 2007-12-20 23:21 -------
+1
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4179 is|0 |1
obsolete| |
------- Additional Comments From jm@jmason.org 2007-11-02 11:36 -------
Created an attachment (id=4180)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=4180&action=view)
new implementation as in trunk
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
------- Additional Comments From mbr@freebsd.org 2007-10-12 00:59 -------
Created an attachment (id=4154)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=4154&action=view)
Patch to solve the problem.
Patch to solve the problem.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
------- Additional Comments From mbr@freebsd.org 2007-10-12 01:02 -------
Created an attachment (id=4155)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=4155&action=view)
Proposed patch
Hopefully no missing line this time
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From jm@jmason.org 2007-12-21 01:57 -------
applied to 3.2.x:
: jm 590...; svn commit -m "bug 5680: ALL_TRUSTED can fire if a trusted MSA or
webmail system receives the message from an untrusted X-Originating-IP: header"
Sending lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Sending t/trust_path.t
Transmitting file data ..
Committed revision 606150.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ALL_TRUSTED fires even if X-|[review] ALL_TRUSTED fires
|Originating-IP is used |even if X-Originating-IP is
| |used
------- Additional Comments From jm@jmason.org 2007-11-02 11:36 -------
(In reply to comment #4)
> New version as proposed from Justin: Lookup headers like X-Originating-IP too
> in Metadata/Received.pm
ok, that was nearly it -- but I added some tests and found a few failure cases
(in particular if the X-Originating-IP was trusted but a non-192.168 address, it
*wouldn't be added to the list at all*; also trusted/external/internal is not a
single set of cases.
I've checked in a replacement that adds those test cases, and passes them...
it's in SVN trunk:
: jm 14...; svn commit -m "bug 5680: ALL_TRUSTED fires even if X-Originating-IP
appears in headers; add IP addresses from the 'X-Yahoo-Post-IP',
'X-Originating-IP', 'X-Apparently-From', 'X-SenderIP' headers to the relays list
in order to fix this"
Sending lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Sending t/trust_path.t
Transmitting file data ..
Committed revision 591423.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
------- Additional Comments From mbr@freebsd.org 2007-11-03 03:28 -------
Ouch. Forget it. You process the synthetic header which
looks always the same.
>
> Shouldn't that be:
>
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
------- Additional Comments From jm@jmason.org 2007-11-03 03:47 -------
(In reply to comment #8)
> Ouch. Forget it. You process the synthetic header which
> looks always the same.
yep ;)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
mbr@freebsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4154 is|0 |1
obsolete| |
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] [review] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
spamassassin@dostech.ca changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard| |needs 1 votes for 3.2
------- Additional Comments From spamassassin@dostech.ca 2007-11-06 13:54 -------
+1
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5680] ALL_TRUSTED fires even if X-Originating-IP is used
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5680
------- Additional Comments From mbr@freebsd.org 2007-11-02 06:12 -------
Created an attachment (id=4179)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=4179&action=view)
X-Originating-IP patch for Metadata/Received.pm
New version as proposed from Justin: Lookup headers like X-Originating-IP too
in Metadata/Received.pm
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.