You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/01/10 20:48:41 UTC

[Bug 4759] New: "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759

           Summary: "fetchmail marker, restarting parse" can be used by
                    spammers to hide relay handovers from SA
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Libraries
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: jm@jmason.org


SA will restarting Received-header parsing if it sees a line like this:

Received: from localhost [127.0.0.1]
        by localhost with IMAP (fetchmail-6.2.5)
        for jm@localhost (single-drop); Sat, 31 Dec 2005 19:46:19 -0800 (PST)

unfortunately, we never checked to see if this was in the untrusted
relay set; sadly, it works in that situation, allowing a spammer to
"hide" the real handover from zombie to the scanner MX, so that the DNS
tests are not run on the correct IP.  demo to follow.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4759] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Libraries                   |Security
   Target Milestone|Undefined                   |3.1.1






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4759] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759





------- Additional Comments From jm@jmason.org  2006-01-10 20:51 -------
Created an attachment (id=3323)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3323&action=view)
demo

here's a message to demo this.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759





------- Additional Comments From jm@jmason.org  2006-01-11 04:26 -------
Created an attachment (id=3327)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3327&action=view)
additional patch, fix t script




------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759





------- Additional Comments From spamassassin@dostech.ca  2006-01-11 04:28 -------
+1



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|security                    |
                 CC|                            |dev@spamassassin.apache.org
          Component|Security                    |Libraries




------- Additional Comments From jm@jmason.org  2006-01-11 01:37 -------
yeah, not a whole lot. oops, my mistake...



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From jm@jmason.org  2006-02-02 21:50 -------
applied to b3_1_0.  r374490.



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759


spamassassin@dostech.ca changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|security@spamassassin.apache|
                   |.org                        |
  Status Whiteboard|needs 2 votes               |needs 1 votes




------- Additional Comments From spamassassin@dostech.ca  2006-01-11 02:14 -------
+1



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|"fetchmail marker,          |[review] "fetchmail marker,
                   |restarting parse" can be    |restarting parse" can be
                   |used by spammers to hide    |used by spammers to hide
                   |relay handovers from SA     |relay handovers from SA
  Status Whiteboard|                            |needs 2 votes




------- Additional Comments From jm@jmason.org  2006-01-11 01:59 -------
ok, applied to trunk, 367853.



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759


duncf@debian.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|needs 1 votes               |ready




------- Additional Comments From duncf@debian.org  2006-01-25 02:02 -------
+1



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759





------- Additional Comments From parkerm@pobox.com  2006-02-02 16:35 -------
+1



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.