You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mailet-api@james.apache.org by "Tellier Benoit (JIRA)" <ma...@james.apache.org> on 2017/08/10 11:28:01 UTC
[jira] [Resolved] (MAILET-159) RemoveHeaderByPrefix mailet +
HasHeaderWithPrefix matcher
[ https://issues.apache.org/jira/browse/MAILET-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tellier Benoit resolved MAILET-159.
-----------------------------------
Resolution: Fixed
https://github.com/linagora/james-project/pull/926 solved the issue
> RemoveHeaderByPrefix mailet + HasHeaderWithPrefix matcher
> ---------------------------------------------------------
>
> Key: MAILET-159
> URL: https://issues.apache.org/jira/browse/MAILET-159
> Project: James Mailet
> Issue Type: Bug
> Components: Base Mailets
> Affects Versions: master
> Reporter: Tellier Benoit
> Fix For: master
>
>
> We, at Linagora, use Headers to pass information from James to other subsystems. Such example can be found as the ICALToHeader mailet.
> However, this introduces a vulnerability: someone can send a mail with these headers, and pretend some processing happened in our James instance. To avoid this, we strip such header.
> But every time we add a new header, we need to add a new RemoveMimeHeader Mailet parameter from stripping. This is error prone.
> We would like the removal to be doable by prefix: this way, if all of our specific share a common prefix, we don't need to review configuration every time we add a feature.
> Thus:
> - RemoveHeaderByPrefix allow removal of you prefixed header
> - HasHeaderWithPrefix allow you to report emails using your internals prefix, to potentially take further actions
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)