[Mimedefang] Curly braces in header (From: )
Dan Johansson
rabies2000 at hotmail.com
Thu Sep 21 16:55:57 EDT 2006
Hi List,
I am fairly new to MimeDefang so perhaps this question have been asked
previously, or is not really a MD issue at all.
Here is the problem:
I use MD (2.57) via milter (sendmail 8.13.8), Perl Modules from CPAN,
Spamassassin 3.1.5 on a linux install, distro slackware 10.0. This is a
frontend to an exchange system
The filter file is basically the KAM filter simulating report_safe in
spamassassin, slightly modified but with no new functionality or "trickery"
- my perl knowledge is limited to hello world.
Recently a flood of spam with seriously strange headers have started coming
(I guess everyone have seen them, pump'n'dump). The From header contains
curly braces.
Incoming mailheader looks like this (cut for brewity):
From: "Beatrice Sheldon" <pekepotlood at pandora.be>{SET:debug=51}
To: <someone at my.domain.com>
Subject: Tuesday.CRSVF.after the confrontation
Date: Tue, 19 Sep 2006 15:04:13 -0060
MIME-Version: 1.0
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: 7bit
[...]
when it's been ran through MimeDefang and is delivered upstream, the headers
look like this (cut for brewity):
From: "\"Beatrice
Sheldon\"<pekepotlood at pandora.be>{SET:pekepotlood"@pandora.be
To: <someone at my.domain.com>
Subject: Tuesday.CRSVF.after the confrontation [13.928]
Date: Tue, 19 Sep 2006 15:04:13 -0060
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="------------=_NextPart_1158678250-4223-nikc"
[...]
as you see, the From: header have been modified in a way i didn't expect.
This happens only for mails with these curly braces in the from field. As
the KAM filter builds a new message an attaches the original message to it,
one would expect the attached message also to have a modified From: header.
That is not the case, in the attached message, the From: header looks like
it does in the original.
I have tried pushing these headers through plain sendmail and postfix
installs, unable to reproduce the behaviour.
The core problem is that for some reason exchange (or possibly outlook)
throws errors at from fields like this, unable to open it (and thereby
unable to move it to another folder).
Pushing a mail looking like the original into exchange does not trigger the
problem. I don't know what exactly triggers the problem (escaped " ?) and to
be perfectly honest i do not care. I think exchange have worse bugs than
this one.
Initially I thought i could simply declare curly braces as invalid in
headers, but at least sendmail's default behaviour when handling STARTTLS is
to use curly braces in the Recieved: header so that is probably not a good
idea.
I don't see any valid reason for unescaped / unencoded curly braces in the
From: or To: fields, but i am unable to figure out if it really is allowed
or not.
Any pointers in the right direction will be very helpful. Tried googling but
either used the wrong terms or i am the only one that have noticed problems
with this.
Which information can i provide? I am not sure i should swamp the list with
the whole mimedefang-filter file.
Kind regards and thanks ahead of time,
/DJ
More information about the MIMEDefang
mailing list