Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/01/05 05:38:48 UTC

[Bug 4752] New: bug in Received header parsing code

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4752

           Summary: bug in Received header parsing code
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Libraries
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: quinlan@pathname.com


The Received header parsing code can determine the trust boundary
incorrectly if the message is relayed from a private network,
through a public network, and back into a similarly numbered
(same class B) private network.  The bug "happens" here, although
it's easily debatable that it's caused where $first_by is set:

      # if the 'from' IP addr shares the same class B mask (/16) as
      # the first relay found in the message, it's still on the
      # user's network.
      elsif (Mail::SpamAssassin::Util::ips_match_in_16_mask
                                        ([ $relay->{ip} ], $first_by))
      {
        dbg("received-header: 'from' ".$relay->{ip}." is near to first 'by'");
        $inferred_as_trusted = 1;
      }



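The failure described in this report, as an added example that is not part of the original message or of SpamAssassin: a simplified Perl model of the /16 check, run over a constructed relay chain (recipient's private LAN, a public hop, then the sender's private LAN in the same class B range). The helper `same_16`, the `classify` function with its contiguous-trust variant, and all addresses are assumptions made for illustration; the variant is not the project's fix.

```perl
#!/usr/bin/perl
# Added illustration, not SpamAssassin code. All relay data is constructed.
use strict;
use warnings;

# Hypothetical stand-in for the /16 comparison: true when both IPv4
# addresses share their first two octets.
sub same_16 {
    my ($ip_a, $ip_b) = @_;
    my ($a16) = $ip_a =~ /^(\d+\.\d+)\./ or return 0;
    my ($b16) = $ip_b =~ /^(\d+\.\d+)\./ or return 0;
    return $a16 eq $b16;
}

# Classify each relay, newest first.
#   $contiguous = 0: every 'from' IP near $first_by is inferred as trusted,
#                    which models the check quoted in the report.
#   $contiguous = 1: assumed alternative that stops inferring trust once
#                    any hop outside the /16 has been seen.
sub classify {
    my ($first_by, $contiguous, @relays) = @_;
    my $crossed = 0;    # set once the chain has left the user's network
    my @out;
    for my $relay (@relays) {
        my $near    = same_16($relay->{ip}, $first_by);
        my $trusted = ($near && !($contiguous && $crossed)) ? 1 : 0;
        $crossed = 1 unless $near;
        push @out, "$relay->{ip}=" . ($trusted ? 'trusted' : 'untrusted');
    }
    return join ' ', @out;
}

my $first_by = '192.168.0.2';     # constructed: first 'by' host, recipient side
my @relays = (                    # constructed chain, newest hop first
    { ip => '192.168.0.10' },     # recipient's own internal gateway
    { ip => '203.0.113.25' },     # public hop: sender's outbound server
    { ip => '192.168.44.7' },     # sender's private LAN at a different site
);

print "quoted check:     ", classify($first_by, 0, @relays), "\n";
print "contiguous trust: ", classify($first_by, 1, @relays), "\n";
```

With the quoted check, 192.168.44.7 is reported as trusted even though the public hop 203.0.113.25 sits between it and the recipient's network; the contiguous variant reports it as untrusted.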