Nigel Horne wrote:
> [EMAIL PROTECTED] wrote:
>> This patch adds an option to clamav-milter:
>>
>> -I
>> --insert-headers
>>
>> which adds new headers at the top instead.
>
> I am not persuaded that this option is needed.
OK, I'll take one more stab at persuading you, then I'll drop the issue. :)
In the dark ages of SMTP, few headers were added by receiving servers, and only
one was important - the Received: header. So Received: headers are piled in
dirty-laundry fashion, with the newest on top, but the rest of the headers are
in basically random order.
In this day of AV milters and SPF checks and DomainKeys and spam checks and
whatnot, receiving servers are adding more and more headers -- and these
headers are becoming more and more important. These headers frequently make
the difference between Inbox and Junk (a fate worse than REJECT!)
The question of spoofed headers then becomes critical. Adding headers at the
top rather than the bottom makes it easier to detect whether a header has been
spoofed.
Consider a sample email with clamav-milter -I:
X-Virus-Status: Clean
Received: from some-box by my-clamav-milter-server
Subject: ...
Because the X-Virus-Status: line is ABOVE the Received-line, I know it was
added by the clamav-milter immediately, just by looking at the order of the
headers.
On the other hand, without clamav-milter -I:
Received: from some-box by my-clamav-milter-server
Subject: ...
X-Virus-Status: Clean
... there are at least possibilities to consider:
1) Most likely is that clamav-milter is working, and X-Virus-Status: Clean was
added by my clamav-milter.
2) But there's a nagging doubt in the corner of my mind that my clamav-milter
is broken and the X-Virus-Status: Clean was already there.
So in general adding headers at the top is a Good Idea.
But it's not just a Good Idea - it's also what service providers are doing! For
example, Yahoo and Gmail.
Here's some sample headers from my Yahoo and Gmail accounts. Not only are the
new Received headers added at the top (of course) but also the new non-Received
headers are added at the top:
Yahoo: note the five headers (one Received:) added by mta219.mail.mud.yahoo.com
are at the top
X-Apparently-To: [EMAIL PROTECTED] via 206.190.48.157; Wed, 25 Jan 2006
15:08:49 -0800
X-Originating-IP: [63.214.0.182]
Return-Path: <[EMAIL PROTECTED]>
Authentication-Results: mta219.mail.mud.yahoo.com from=whatcounts.com;
domainkeys=neutral (no sig)
Received: from 63.214.0.182 (EHLO common2.wc09.net) (63.214.0.182) by
mta219.mail.mud.yahoo.com with SMTP; Wed, 25 Jan 2006 15:08:49 -0800
Received: from jungfrau (192.168.127.31) by common2.wc09.net
(PowerMTA(TM) v2.0r13) id hr01mi054e44; Wed, 25 Jan 2006 14:50:31 -0800
(envelope-from <[EMAIL PROTECTED]>)
From: "Joel On Software" <[EMAIL PROTECTED]> Add to Address BookAdd to
Address Book Add Mobile Alert
To: [EMAIL PROTECTED]
Subject: [JoelOnSoftware] Introduction to Great Design
Date: 25 Jan 2006 14:57:24 PST
Reply-to: "Joel On Software" <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: text/plain
X-Mailer: WhatCounts
Content-Length: 764
GMail: note the mx.gmail.com host adds three headers, with Received: in the
middle. Then the 10.70.23.7 host adds only the Received: header. Finally the
10.64.241.4 host adds three headers. But all headers are added at the top.
X-Gmail-Received: 439162096a5153a8344d0383caf33e0f56565629
Delivered-To: [EMAIL PROTECTED]
Received: by 10.64.241.4 with SMTP id o4cs16905qbh;
Tue, 24 Jan 2006 21:25:22 -0800 (PST)
Received: by 10.70.23.7 with SMTP id 7mr422737wxw;
Tue, 24 Jan 2006 21:25:19 -0800 (PST)
Return-Path: <[EMAIL PROTECTED]>
Received: from pool-68-160-228-120.ny325.east.verizon.net
(pool-68-160-228-120.ny325.east.verizon.net [68.160.228.120])
by mx.gmail.com with SMTP id i11si69012wxd.2006.01.24.21.25.06;
Tue, 24 Jan 2006 21:25:19 -0800 (PST)
Received-SPF: neutral (gmail.com: 68.160.228.120 is neither permitted nor
denied by domain of [EMAIL PROTECTED])
To: [EMAIL PROTECTED]
From: "Kristle Phillis" <[EMAIL PROTECTED]>
Reply-To: "Kristle Phillis" <[EMAIL PROTECTED]>
Date: Wed, 25 Jan 2006 00:25:01 -0500
Subject: SAVE 80% CIALI*, XANA* & MANY MORE, JUST PAY AND WE SHIP, NEVER KEEP
UR RECORD fire
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.1691.7
Content-Type: multipart/related;
boundary="--BBGCEFGJFK-PIOZXHJLGMCW"
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
