You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/01/10 20:48:41 UTC
[Bug 4759] New: "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
Summary: "fetchmail marker, restarting parse" can be used by
spammers to hide relay handovers from SA
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Libraries
AssignedTo: dev@spamassassin.apache.org
ReportedBy: jm@jmason.org
SA will restarting Received-header parsing if it sees a line like this:
Received: from localhost [127.0.0.1]
by localhost with IMAP (fetchmail-6.2.5)
for jm@localhost (single-drop); Sat, 31 Dec 2005 19:46:19 -0800 (PST)
unfortunately, we never checked to see if this was in the untrusted
relay set; sadly, it works in that situation, allowing a spammer to
"hide" the real handover from zombie to the scanner MX, so that the DNS
tests are not run on the correct IP. demo to follow.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4759] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Libraries |Security
Target Milestone|Undefined |3.1.1
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4759] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
------- Additional Comments From jm@jmason.org 2006-01-10 20:51 -------
Created an attachment (id=3323)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3323&action=view)
demo
here's a message to demo this.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
------- Additional Comments From jm@jmason.org 2006-01-11 04:26 -------
Created an attachment (id=3327)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3327&action=view)
additional patch, fix t script
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
------- Additional Comments From spamassassin@dostech.ca 2006-01-11 04:28 -------
+1
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|security |
CC| |dev@spamassassin.apache.org
Component|Security |Libraries
------- Additional Comments From jm@jmason.org 2006-01-11 01:37 -------
yeah, not a whole lot. oops, my mistake...
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
------- Additional Comments From jm@jmason.org 2006-02-02 21:50 -------
applied to b3_1_0. r374490.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
spamassassin@dostech.ca changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|security@spamassassin.apache|
|.org |
Status Whiteboard|needs 2 votes |needs 1 votes
------- Additional Comments From spamassassin@dostech.ca 2006-01-11 02:14 -------
+1
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|"fetchmail marker, |[review] "fetchmail marker,
|restarting parse" can be |restarting parse" can be
|used by spammers to hide |used by spammers to hide
|relay handovers from SA |relay handovers from SA
Status Whiteboard| |needs 2 votes
------- Additional Comments From jm@jmason.org 2006-01-11 01:59 -------
ok, applied to trunk, 367853.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
duncf@debian.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|needs 1 votes |ready
------- Additional Comments From duncf@debian.org 2006-01-25 02:02 -------
+1
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 4759] [review] "fetchmail marker, restarting parse" can be used by spammers to hide relay handovers from SA
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4759
------- Additional Comments From parkerm@pobox.com 2006-02-02 16:35 -------
+1
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.