You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2013/03/22 19:28:50 UTC

[Bug 6920] New: SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

            Bug ID: 6920
           Summary: SPF Plugin incorrectly parses existing
                    Received-SPF/Authetication Results headers
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
          Assignee: dev@spamassassin.apache.org
          Reporter: steve@stevefreegard.com
    Classification: Unclassified

Created attachment 5139
  --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5139&action=edit
Example message that demonstrates the issue

Just found this whilst testing a message that already contained Received-SPF
headers against a meta rule I was writing that looked for SPF_FAIL or
SPF_SOFTFAIL.

If the Received-SPF or Authentication-Results header is split across multiple
lines with a continuation then the plugin will fail to parse the
identity=(mfrom|mailfrom|helo) value.

In my case this causes the Received-SPF for the helo identity to be incorrectly
used as the mfrom result.

The problem appears to be this:

    my @internal_hdrs = split("\n", $scanner->get('ALL-INTERNAL'));

The internal headers in ALL-INTERNAL are not collapsed with the continuations
removed.  The plugin then iterates over the *lines*:

    foreach my $hdr (@internal_hdrs) {
...
        if ($hdr =~
/^received-spf:\s*(pass|neutral|(?:soft)?fail|none)\b(?:.*\bidentity=(\S+?);?\b)?/i)
{

This regexp will then fail to match if the header is split across multiple
lines.

I'm not entirely sure how best to fix this.  I've attached a message which
demonstrates this issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

--- Comment #5 from Benny Pedersen <me...@junc.eu> ---
already using pypolicyd-spf here, and it works for me with reuse in spf plugin
with 3.3.2

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

Benny Pedersen <me...@junc.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |me@junc.eu

--- Comment #2 from Benny Pedersen <me...@junc.eu> ---
what spf checker is used in mta ?

can it be reproduced with trunk from here https://launchpad.net/pypolicyd-spf ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

Steve Freegard <st...@stevefreegard.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |steve@stevefreegard.com

--- Comment #1 from Steve Freegard <st...@stevefreegard.com> ---
Output from -D spf with test message

Mar 22 18:30:26.089 [7809] dbg: spf: found a Received-SPF header added by an
internal host: Received-SPF: None (inbound1.OBFUSCATED.com: domain of
mail.alfa-leasing.hr
Mar 22 18:30:26.089 [7809] dbg: spf: re-using mfrom result from Received-SPF
header: none

Result is 'none' it should have been 'softfail'.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

Alessandro Vesely <ve...@tana.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vesely@tana.it

--- Comment #7 from Alessandro Vesely <ve...@tana.it> ---
(In reply to comment #0)
> 
> If the Received-SPF or Authentication-Results header is split across
> multiple lines with a continuation then the plugin will fail to parse the
> identity=(mfrom|mailfrom|helo) value.

The Authntication-Results can be moreconveniently handled using the plugin
proposed as attachment of bug #6918.  See also bug #6899. 

> The problem appears to be this:
> 
>     my @internal_hdrs = split("\n", $scanner->get('ALL-INTERNAL'));

Yes, that doesn't work.  Did that function change?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

--- Comment #4 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #3)
> (In reply to comment #2)
> > what spf checker is used in mta ?
> 
> Haraka - with an SPF plugin that I wrote.
>  
> > can it be reproduced with trunk from here
> > https://launchpad.net/pypolicyd-spf ?
> 
> No idea - feel free to try it.  The example I provide is enough so
> demonstrate the issue.

I should add that these headers are standard RFC 4408 headers, so should affect
anything adhering to the spec.

e.g.

Received-SPF: Fail (mybox.example.org: domain of
                     myname@example.com does not designate
                     192.0.2.1 as permitted sender)
                     identity=mailfrom; client-ip=192.0.2.1;
                     envelope-from=<my...@example.com>;

will fail in this case as the identity is on a line continuation.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

--- Comment #6 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #5)
> already using pypolicyd-spf here, and it works for me with reuse in spf
> plugin with 3.3.2

Ok - then it's either down to luck (if your Received-SPF headers appear with
identity=helo first and then identity=mailfrom after) or because the line is
sent without continuations, in a different format, or isn't working in the way
you think it is.

Either way - the code as it stands is way too fragile.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6920] SPF Plugin incorrectly parses existing Received-SPF/Authetication Results headers

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6920

--- Comment #3 from Steve Freegard <st...@stevefreegard.com> ---
(In reply to comment #2)
> what spf checker is used in mta ?

Haraka - with an SPF plugin that I wrote.

> can it be reproduced with trunk from here
> https://launchpad.net/pypolicyd-spf ?

No idea - feel free to try it.  The example I provide is enough so demonstrate
the issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.