[Mimedefang] suspicious characters in header
hans mayer
hans.mayer at relay.bfl.at
Fri May 17 12:25:36 EDT 2002
hi david and fans of md
i just analyzed such a HEADERS file
of a quarantined msg with
"Message quarantined because of suspicious characters in headers"
below there is a listing of the appearance of each char.
there is no \r and i don't find any suspicious char.
i can also post the entire msg, if necessary.
i am still using version 2.7
root> cbd HEADERS
x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 \b \t \n x b \f \r x e x f
0 0 0 0 0 0 0 0 0 1 14 0 0 0 0 0
x20 ! " # $ % & ' ( ) * + , - . /
59 0 2 0 2 0 0 0 6 6 0 1 2 16 31 1
0 1 2 3 4 5 6 7 8 9 : ; < = > ?
44 23 18 10 11 8 8 15 8 7 18 3 4 1 4 0
@ A B C D E F G H I J K L M N O
6 1 1 3 2 4 1 0 0 3 0 1 0 16 2 2
P Q R S T U V W X Y Z [ \ ] ^ _
6 0 4 6 7 2 1 2 3 0 1 4 0 4 0 0
` a b c d e f g h i j k l m n o
0 23 8 16 12 40 9 4 14 31 3 2 16 20 30 43
p q r s t u v w x y z { | } ~ DEL
6 1 33 15 39 6 3 9 1 10 1 0 0 0 0 0
total characters : 800
best regards
hans
--
"David F. Skoll" wrote:
>
> On Tue, 14 May 2002, Steve Ladendorf wrote:
>
> > What is the exact definition of a suspicious character in the body or
> > header
>
> In the header: A carriage-return NOT followed by a newline.
>
> In the body: A carriage-return NOT followed by a newline, OR a NUL character
> (a zero byte.)
>
> We don't check for NUL's in headers because Sendmail's Milter API has
> no way to convey embedded NUL's in headers.
>
> > and is there any way to change what MIMEDefang thinks is
> > suspicious?
>
> Not without editing C code. If it only seems to happen for mailing-list
> messages, then (cautiously) skip the suspicious-checks based on $Sender or
> $RelayAddr.
>
> Regards,
>
> David.
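The rules given in the quoted reply (header: a CR not followed by LF; body: the same, or a NUL byte) can be written as a small scanner for checking a quarantined HEADERS file or message body by hand. This is an added example, not MIMEDefang's own C code; the function name, enum and sample inputs are hypothetical and constructed for illustration.

```c
/* Added example: not MIMEDefang's source. Names are hypothetical; the
 * rules are the ones stated in the quoted reply above. */
#include <stdio.h>
#include <stddef.h>

enum part { PART_HEADER, PART_BODY };

/* Return the offset of the first "suspicious" byte in buf, or -1 if none.
 * Header: CR not followed by LF.
 * Body:   CR not followed by LF, or a NUL byte. */
long first_suspicious(const unsigned char *buf, size_t len, enum part where)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\r') {
            /* A CR that is the last byte has no LF after it either. */
            if (i + 1 >= len || buf[i + 1] != '\n')
                return (long)i;
            i++;                /* skip the LF of a valid CRLF pair */
        } else if (where == PART_BODY && buf[i] == '\0') {
            return (long)i;     /* NUL is only checked in the body */
        }
    }
    return -1;
}

/* Constructed sample inputs (not taken from any real message). */
static const unsigned char ok_hdr[]   = "Subject: hi\r\nTo: a@example.org\n";
static const unsigned char bare_cr[]  = "Subject: hi\rX-Test: 1\n";
static const unsigned char nul_body[] = "line one\n\0line two\n";

int main(void)
{
    printf("CRLF and bare LF header : %ld\n",
           first_suspicious(ok_hdr, sizeof ok_hdr - 1, PART_HEADER));
    printf("bare CR in header       : %ld\n",
           first_suspicious(bare_cr, sizeof bare_cr - 1, PART_HEADER));
    printf("NUL in body             : %ld\n",
           first_suspicious(nul_body, sizeof nul_body - 1, PART_BODY));
    return 0;
}
```

By this definition a header file containing no `\r` byte at all returns -1.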