[milters] Archive


Article: 1727
From: Anthony Howe
Date: 2007-09-23 08:47:53 -0400
Subject: Re: blacklisting domains for milter-link error

--------------------------------------------------------

Anthony wrote after lunch...
> Christian 'CBE' Benner wrote:
>> your test result will be positive 'cause there's a lot of text before.
>> Try to establish a telnet connection on port 25
>> type such things like
>> 
>> ehlo me.com
>> mail from: <test@test.com>
>> rcpt to: <your_address@here.com>
>> data
>> http://test.com
>> .
> 
> OK. Will look into this, but I suspect that because there is no header 
> section in the message and that either
> 
> a) sendmail is treating this as a message with an "http:" header and an 
> empty message body, so passes the milter a header split into name/value 
> parts, i.e. "name=http:" value="//test.com", which doesn't as one expects
> in filterHeader(). I would also suspect such messages do not display
> in Thunderbird or Outlook Depress, so I don't see the utility by the 
> spammer in this sort of message, so it might be a bug in their code.

I just tested this and proved case a) applies:

----
helo zephyr.snert.com
250 mx.snert.net Hello [62.210.114.125], pleased to meet you
mail from:<achowe@snert.com>
250 2.1.0 <achowe@snert.com>... Sender ok
rcpt to:<achowe@snert.com>
250 2.1.5 <achowe@snert.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
http://bargins.com/
.
250 2.0.0 l8NCWnZr010843 Message accepted for delivery
----

and received this:

----
Return-Path: <achowe@snert.com>
Received: from zephyr.snert.com ([62.210.114.125])
	by mx.snert.net (8.14.1/8.14.1) with SMTP id l8NCWnZr010843
	for <achowe@snert.com>; Sun, 23 Sep 2007 14:33:11 +0200 (CEST)
Date: Sun, 23 Sep 2007 14:32:50 +0200 (CEST)
From: Anthony Howe <achowe@snert.com>
Message-Id: <200709231233.l8NCWnZr010843@mx.snert.net>
http://bargins.com/
X-Scanned-By: milter-spamc/1.11.382.382 (mx.snert.net [82.97.10.34]); 
Sun, 23 Sep 2007 14:33:37 +0200
X-Spam-Status: NO, hits=4.40 required=5.00

----

The message appears as empty in Thunderbird and only by looking at the 
message source do you see the URL. I would be inclined to say that this 
is not a bug in milter-link, but an unusual abuse of RFC 2822 and how 
sendmail works. The reason is that white space between the header 
name-colon and value is optional, so sendmail treats it as a header and 
gives it to the milter as two variables, name and value.

I don't think there is anything I can really do in this case. Even 
"gluing" the name and value strings back together as one and parsing it 
for a URI would not be correct. Who's to say that some RFC message 
extension hasn't defined an "http:" header, maybe similar to List-URL: 
header or what not.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561          BarricadeMX & Milters
http://www.snert.com/                      http://www.snertsoft.com/
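
The name/value split described in the message above, as an added example that is not part of the original post and is not milter-link or sendmail code. The function names are hypothetical, and the scheme-name check is an assumed policy of this example that carries the false-positive risk the post names (a legitimately defined "http:" header).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Split a header-section line into name and value as the post describes:
 * no white space is required after the colon. The name is lowercased.
 * Returns 1 if the line parses as a header field, 0 if it does not. */
int split_field(const char *line, char *name, size_t nsz, char *value, size_t vsz)
{
    const char *colon = strchr(line, ':');
    size_t i, nlen;
    if (colon == NULL || colon == line) return 0;
    nlen = (size_t)(colon - line);
    if (nlen >= nsz) return 0;
    for (i = 0; i < nlen; i++) {      /* field-name: printable, no space */
        unsigned char c = (unsigned char)line[i];
        if (c < 33 || c > 126) return 0;
        name[i] = (char)tolower(c);
    }
    name[nlen] = '\0';
    colon++; while (*colon == ' ' || *colon == '\t') colon++;
    snprintf(value, vsz, "%s", colon);
    value[strcspn(value, "\r\n")] = '\0';
    return 1;
}

/* Returns 0: not a header field, 1: ordinary field, 2: field whose name is
 * a URI scheme and whose value starts with "//" (hypothetical policy check,
 * an assumption of this example; not milter-link behaviour). */
int classify_line(const char *line)
{
    static const char *schemes[] = { "http", "https", "ftp" };
    char name[64], value[512];
    size_t i;
    if (!split_field(line, name, sizeof name, value, sizeof value)) return 0;
    if (strncmp(value, "//", 2) != 0) return 1;
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strcmp(name, schemes[i]) == 0) return 2;
    return 1;
}

int main(void)
{
    /* Constructed lines; the first is the DATA line tested on the page. */
    const char *l[] = { "http://bargins.com/", "see http://bargins.com/" };
    for (int i = 0; i < 2; i++) printf("%d  %s\n", classify_line(l[i]), l[i]);
    return 0;
}
```

A line with text before the URL contains a space ahead of the colon, so it cannot be a field name and stays in the body, which matches the earlier remark that a test with "a lot of text before" behaves differently.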
