You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/04/02 14:15:16 UTC
[Bug 6783] New: IP address of Squirrelmail user should not be
subjected to rules
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
Bug #: 6783
Summary: IP address of Squirrelmail user should not be
subjected to rules
Product: Spamassassin
Version: 3.3.1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: stephane.chazelas@gmail.com
CC: iain@brunny.com,
Joerg.Dieter.Friedrich@uni-konstanz.de,
nomis80@nomis80.org
Classification: Unclassified
+++ This bug was initially created as a clone of Bug #3236 +++
NaSMail (a fork of Squirrelmail) logs the IP address of the sender of the
message by adding a
Received header like this:
Received: from 142.169.110.122
(NaSMail authenticated user synapse)
by mail.nomis80.org with HTTP;
Sat, 3 Apr 2004 10:33:43 -0500 (EST)
In that case, this may trigger rules such as RCVD_IN_DYNABLOCK and
RCVD_IN_SORBS:
* 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
* [142.169.110.122 listed in dnsbl.sorbs.net]
* 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
* [142.169.110.122 listed in dnsbl.sorbs.net]
The IP address of the NaSMail user should not be checked against any such
rules. It is easy to discard the Received header as it contains the NaSMail
string.
The workaround is the same as for Bug #3236:
--- a
+++ b
@@ -428,8 +428,9 @@
# bug 3236: ignore Squirrelmail injection steps.
# from 142.169.110.122 (SquirrelMail authenticated user synapse) by
# mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
- if (/ \(SquirrelMail authenticated user /) {
- dbg("received-header: ignored SquirrelMail injection: $_");
+ # SC 2012-04-02, added NaSMail
+ if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
+ dbg("received-header: ignored SquirrelMail/NaSMail injection: $_");
return 0;
}
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6783] IP address of NaSMail user should not be subjected to
rules
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
Adam Katz <an...@khopis.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |antispam@khopis.com
--- Comment #3 from Adam Katz <an...@khopis.com> 2012-04-02 14:27:42 UTC ---
For full reference, please see also bug 3236 which was trumped by bug 6549
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6783] IP address of NaSMail user should not be subjected to
rules
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #1 from Kevin A. McGrail <km...@pccc.com> 2012-04-02 13:08:23 UTC ---
please submit example received headers or a patch suitable for t/rcvd_parser.t
regards,
KAM
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6783] IP address of NaSMail user should not be subjected to
rules
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #4 from Kevin A. McGrail <km...@pccc.com> 2012-04-02 23:20:00 UTC ---
(In reply to comment #2)
> Hi Kevin,
>
> here's one example:
>
> from 67.85.219.192 (NaSMail authenticated user john.doe) by webmail.example.com
> with HTTP; Fri, 30 Mar 2012 12:39:58 +0100 (BST)
I prefer real-world examples not sanitized/fake versions.
However, the change is small so I've added the rcvd test case and the small
regex for NaSMail.
The patch below appears to be for 3.3.X but I've made the change only on trunk.
Index: lib/Mail/SpamAssassin/Message/Metadata/Received.pm
===================================================================
--- lib/Mail/SpamAssassin/Message/Metadata/Received.pm (revision 1308568)
+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm (working copy)
@@ -446,7 +446,8 @@
# from 142.169.110.122 (SquirrelMail authenticated user synapse) by
# mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
- if (/ \(SquirrelMail authenticated user /) {
+ # Expanded to NaSMail Bug 6783
+ if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
#REVERTING bug 3236 and implementing re: bug 6549
if (/(${IP_ADDRESS}).{10,80}by (\S+) with HTTP/) {
$ip = $1; $by = $2; goto enough;
Index: t/rcvd_parser.t
===================================================================
--- t/rcvd_parser.t (revision 1308568)
+++ t/rcvd_parser.t (working copy)
@@ -18,7 +18,7 @@
use lib '.'; use lib 't';
use SATest; sa_t_init("rcvd_parser");
-use Test; BEGIN { plan tests => 142 };
+use Test; BEGIN { plan tests => 143 };
use strict;
# format is:
@@ -459,8 +459,12 @@
'[ ip=153.90.199.141 rdns= helo= by=web1.cs.montana.edu ident= envfrom= id=
auth= msa=0 ]',
'from ausisaps301-dmz.aus.amer.dell.com ([143.166.226.16]) (SquirrelMail
authenticated user hoolis); by www.penguintowne.org with HTTP; Mon, 22 Mar 2004
12:54:13 -0600 (CST)' =>
- '[ ip=143.166.226.16 rdns= helo= by=www.penguintowne.org ident= envfrom= id=
auth=Sendmail msa=0 ]'
+ '[ ip=143.166.226.16 rdns= helo= by=www.penguintowne.org ident= envfrom= id=
auth=Sendmail msa=0 ]',
+ #ADDED PER Bug 6783
+ 'from 67.85.219.192 (NaSMail authenticated user john.doe) by
webmail.example.com with HTTP; Fri, 30 Mar 2012 12:39:58 +0100 (BST)' =>
+ '[ ip=67.85.219.192 rdns= helo= by=webmail.example.com ident= envfrom= id=
auth= msa=0 ]'
+
);
my $sa = create_saobj();
svn commit -m 'Bug 6783 for NaSMail Received Header'
Sending lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Sending t/rcvd_parser.t
Transmitting file data ..
Committed revision 1308610.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6783] IP address of NaSMail user should not be subjected to
rules
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
--- Comment #2 from Stephane Chazelas <st...@gmail.com> 2012-04-02 13:36:38 UTC ---
Hi Kevin,
here's one example:
from 67.85.219.192 (NaSMail authenticated user john.doe) by webmail.example.com
with HTTP; Fri, 30 Mar 2012 12:39:58 +0100 (BST)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6783] IP address of NaSMail user should not be subjected to
rules
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6783
Stephane Chazelas <st...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |stephane.chazelas@gmail.com
Summary|IP address of Squirrelmail |IP address of NaSMail user
|user should not be |should not be subjected to
|subjected to rules |rules
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.