[Bug 844] New: h_from empty if angle brackets not closed


[Bug 844] New: h_from empty if angle brackets not closed

by fperillo

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=844
           Summary: h_from empty if angle brackets not closed
           Product: Exim
           Version: 4.69
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: critical
         Component: ACLs
        AssignedTo: nigel@...
        ReportedBy: fperillo@...
         QAContact: fperillo@...
                CC: exim-dev@...


Spammers are sending messages with "From:" or "To:" tags in the body w/o
closing the angle bracket, hence the h_from is apparently not parsed correctly
and the h_from Exim variable is not assigned, actually disabling ACLs written
for the h_from sanitization.

A header excerpt from an "offending" message:

Received: from 95-24-139-215.broadband.corbina.ru ([95.24.139.215])by
 mail1.camera.it with smtp (Exim 4.68)(envelope-from <licjun@...>)id
  1Lu2ZW-0006lj-HKfor dummy@...; Wed, 15 Apr 2009 12:42:27 +0200
To: <dummy@...
Subject: Ricerchiamo collaboratori in gruppo operante a livello globale.
From: <forged@...
MIME-Version: 1.0
Importance: High

(Could the EOL also be used to terminate the variables?)


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

[Bug 844] h_from empty if angle brackets not closed

by Bugzilla from nigel@exim.org

http://bugs.exim.org/show_bug.cgi?id=844




--- Comment #1 from Nigel Metheringham <nigel@...>  2009-07-02 12:45:49 ---
Should this not instead be picked up as a syntax error in the from rather
than spending time attempting to parse invalid stuff?



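The failure mode reported above and the "treat it as a syntax error" handling suggested in comment #1, as an added example that is not part of the original thread and is not Exim's parser. The function names, the blocklist and the `example.invalid` addresses are assumptions constructed for illustration; the page elides the real addresses.

```python
import re

ADDRESS_HEADERS = ("from", "sender", "reply-to", "to", "cc")  # fixed check order
BLOCKED = {"forged@example.invalid"}          # constructed blocklist entry

# Constructed sample modelled on the excerpt; example.invalid is a placeholder.
SAMPLE = ("To: <dummy@example.invalid\nSubject: test\n"
          "From: <forged@example.invalid\nMIME-Version: 1.0\n\nbody\n")

def unfold(raw):
    """Parse the header block into {lowercased name: value}, joining folded lines."""
    headers, name = {}, None
    for line in raw.splitlines():
        if not line:
            break                              # blank line ends the headers
        if line[0] in " \t" and name:
            headers[name] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            headers[name] = value.strip()
    return headers

def extract_addr(value):
    """Naive extraction: returns '' unless a closed <...> pair is present."""
    m = re.search(r"<([^<>]*)>", value)
    return m.group(1) if m else ""

def brackets_balanced(value):
    """True if '<' and '>' outside quoted strings pair up without nesting."""
    depth = 0
    for ch in re.sub(r'"(?:\\.|[^"\\])*"', "", value):   # ignore quoted strings
        if ch in "<>":
            depth += 1 if ch == "<" else -1
            if depth not in (0, 1):
                return False
    return depth == 0

def fail_open_acl(headers):
    """Weak rule: an empty extraction matches nothing, so the message passes."""
    return "deny" if extract_addr(headers.get("from", "")) in BLOCKED else "accept"

def fail_closed_acl(headers):
    """Hardened rule: a malformed address header is itself a reason to deny."""
    for name in ADDRESS_HEADERS:
        if name in headers and not brackets_balanced(headers[name]):
            return "deny: malformed %s header" % name
    return fail_open_acl(headers)
```
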
[Bug 844] h_from empty if angle brackets not closed

by Bugzilla from nigel@exim.org

http://bugs.exim.org/show_bug.cgi?id=844

Nigel Metheringham <nigel@...> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|security                    |bug
             Status|NEW                         |ASSIGNED
           Priority|critical                    |medium




--- Comment #2 from Nigel Metheringham <nigel@...>  2009-10-14 12:17:42 ---
Reclassed - not a critical bug

