You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2013/03/22 19:28:50 UTC
[Bug 6920] New: SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
Bug ID: 6920
Summary: SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: steve@stevefreegard.com
Classification: Unclassified
Created attachment 5139
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5139&action=edit
Example message that demonstrates the issue
Just found this whilst testing a message that already contained Received-SPF
headers against a meta rule I was writing that looked for SPF_FAIL or
SPF_SOFTFAIL.
If the Received-SPF or Authentication-Results header is split across multiple
lines with a continuation then the plugin will fail to parse the
identity=(mfrom|mailfrom|helo) value.
In my case this causes the Received-SPF for the helo identity to be incorrectly
used as the mfrom result.
The problem appears to be this:
my @internal_hdrs = split("\n", $scanner->get('ALL-INTERNAL'));
The internal headers in ALL-INTERNAL are not collapsed with the continuations
removed. The plugin then iterates over the *lines*:
foreach my $hdr (@internal_hdrs) {
...
if ($hdr =~
/^received-spf:\s*(pass|neutral|(?:soft)?fail|none)\b(?:.*\bidentity=(\S+?);?\b)?/i)
{
This regexp will then fail to match if the header is split across multiple
lines.
I'm not entirely sure how best to fix this. I've attached a message which
demonstrates this issue.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
--- Comment #5 from Benny Pedersen <me...@junc.eu> ---
already using pypolicyd-spf here, and it works for me with reuse in spf plugin
with 3.3.2
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me@junc.eu
--- Comment #2 from Benny Pedersen <me...@junc.eu> ---
what spf checker is used in mta ?
can it be reproduced with trunk from here https://launchpad.net/pypolicyd-spf ?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
Steve Freegard <st...@stevefreegard.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |steve@stevefreegard.com
--- Comment #1 from Steve Freegard <st...@stevefreegard.com> ---
Output from -D spf with test message
Mar 22 18:30:26.089 [7809] dbg: spf: found a Received-SPF header added by an
internal host: Received-SPF: None (inbound1.OBFUSCATED.com: domain of
mail.alfa-leasing.hr
Mar 22 18:30:26.089 [7809] dbg: spf: re-using mfrom result from Received-SPF
header: none
Result is 'none' it should have been 'softfail'.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
Alessandro Vesely <ve...@tana.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vesely@tana.it
--- Comment #7 from Alessandro Vesely <ve...@tana.it> ---
(In reply to comment #0)
>
> If the Received-SPF or Authentication-Results header is split across
> multiple lines with a continuation then the plugin will fail to parse the
> identity=(mfrom|mailfrom|helo) value.
The Authntication-Results can be moreconveniently handled using the plugin
proposed as attachment of bug #6918. See also bug #6899.
> The problem appears to be this:
>
> my @internal_hdrs = split("\n", $scanner->get('ALL-INTERNAL'));
Yes, that doesn't work. Did that function change?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
--- Comment #4 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #3)
> (In reply to comment #2)
> > what spf checker is used in mta ?
>
> Haraka - with an SPF plugin that I wrote.
>
> > can it be reproduced with trunk from here
> > https://launchpad.net/pypolicyd-spf ?
>
> No idea - feel free to try it. The example I provide is enough so
> demonstrate the issue.
I should add that these headers are standard RFC 4408 headers, so should affect
anything adhering to the spec.
e.g.
Received-SPF: Fail (mybox.example.org: domain of
myname@example.com does not designate
192.0.2.1 as permitted sender)
identity=mailfrom; client-ip=192.0.2.1;
envelope-from=<my...@example.com>;
will fail in this case as the identity is on a line continuation.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
--- Comment #6 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #5)
> already using pypolicyd-spf here, and it works for me with reuse in spf
> plugin with 3.3.2
Ok - then it's either down to luck (if your Received-SPF headers appear with
identity=helo first and then identity=mailfrom after) or because the line is
sent without continuations, in a different format, or isn't working in the way
you think it is.
Either way - the code as it stands is way too fragile.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6920] SPF Plugin incorrectly parses existing
Received-SPF/Authetication Results headers
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920
--- Comment #3 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #2)
> what spf checker is used in mta ?
Haraka - with an SPF plugin that I wrote.
> can it be reproduced with trunk from here
> https://launchpad.net/pypolicyd-spf ?
No idea - feel free to try it. The example I provide is enough so demonstrate
the issue.
--
You are receiving this mail because:
You are the assignee for the bug.