Dňa 12. apríla 2023 19:15:19 UTC používateľ MRob via Exim-users
<exim-users@exim.org> napísal:
>On 2023-04-12 17:42, Slavko via Exim-users wrote:
>> Use raw header for address extracting -- $rh_From: that works
>> for both, quoted and encoded content...
>
>If using rh_From: is there risk to get tricked with header like:
>
>From: "spammer_addr...@example.bad" <compromised_acco...@example.com>
Simple put that line in some file and try itself by -bem, eg:
exim -bem /file/with/that_header '${address:$rh_From:}'
>${address:} expansion is following RFC 2822... so maybe its ok and the
>importance is $h_ should never be used with ${address:} because that address
>expansion will decode it anyway??
Hard to say, headers can be broken (by mistake or by purpose)
in many ways. One usually do not need look into From: headers
from foreign source, but will want eg. to extract domain from it
for DKIM (DMARC intended) signature from own messages, thus
ensure valid From: header on MSA with in depth inspection.
I delegate in depth message inspection to rspamd, with
some exceptions -- mostly Subject: and attachments (eg. for
DMARC reports extraction/routing).
>Also question about $h_ decoding, I dont remember if quoting is required if it
>is encoded like my exmaple. Is the example a invalid header because it needs
>quoting? Or is the problem that i'm using two unrelated steps for full
>parsing? ($h_ then ${address:})
RFC defines when quotes are required, the "@" is one of that
case, exim properly checks that syntax with control=verifyXY
ACL (sorry i forgot exact) condition.
AFAIK, the name part is either quoted (for ASCII only) or
encoded (for nonASCII). But i often see encoded ASCII
only chars (rspamd detects that), and often in legitime
messages...
BTW, i am always surprised how problematic are nonASCII
things. My first bigger computer project was to teach computer
to print chars nowadays known as Latin2 & Cyrillic (in 1984 :-) ),
Nowadays it is no problem to print/show that, but...
regards
--
Slavko
https://www.slavino.sk/
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
