Re: International Domain Characters and Header Checks

Mon, 30 May 2022 15:27:32 -0700 

On Thu, May 26, 2022 at 03:39:08PM -0500, Bryan K. Walton wrote:

> For example, one of our domain names is courseleaf.com.  We want to
> block any mail that has similar domain names in the From header.  An
> example might be: coǔrṣeleaf.com

1.  Note that corresponding IDN name is: "xn--coreleaf-rrc5224e.com",
    and some MUAs may display that name after conversion to UTF8.
    So you'd need to also block that.

2.  Rejecting your own domain in headers breaks mailing lists, since
    posts to mailing lists by your users may well come back with your
    domain name in the "From:" header.  [ Some lists move the address to
    "Reply-To:" when DMARC policy gets in the way of preserving it as-is. ]

3.  Robust parsing of "From:" and similar headers is best left to RFC822
    address parsers (in Python, Perl, ...), and so done in a milter or
    content filter.

> We currently have smtputf8 enabled, what can we use to block email with
> coǔrṣeleaf.com in the From: header?

A milter.

> > You could also (without enabling UTF8 RE syntax) check for the
> > underlying raw octets of the UTF-8 encoding of "ĕ".  All you
> > need to do for that is edit the regexp/pcre table with a UTF-8
> > enabled editor, and type a literal "ĕ" into the pattern.
> > 
> >     $ echo ĕĕ | (LANG=C LC_CTYPE=C LC_ALL=C egrep ĕĕ)
> >     ĕĕ
> 
> Sorry, I'm not understanding this.  I've tried putting into my header
> checks:
> 
> coǔrṣeleaf.com

Just include that string verbatim, with an editor that supports UTF-8
encoding of input text.


> co=C7=94r=E1=B9=A3eleaf.com (quoted printable)

No, don't do that.  The address is never encoded quoted-printable, only
display names undergo that encoding.

> co0x01D4r0x1E63eleaf.com (unicode converted to ascii)

Don't know where you got that idea.

> All of these let pass coǔrṣeleaf.com in the From header.  What am I
> missing?

Just match the verbatim string:
     
    $ RE='From:.*@(coǔrṣeleaf\.com)(:?[>,]|\s*$)'
    $ ACTION='REJECT mail from ${1}'
    $ HDR=$(printf 'From: Lance User <luser@%s>\n' 'coǔrṣeleaf.com')
    $ postmap -q "$HDR" pcre:<(printf '/%s/ %s\n' "$RE" "$ACTION")
    REJECT mail from coǔrṣeleaf.com

-- 
    Viktor.

Reply via email to