Hi,
I'm just investigating some emails that were quarantined possibly incorrectly. They were bounces from spammers forging the from address but I'm not quite sure why the Illegal breakage in headers was matched.
Is it because of the X-Mailer: IronMail(TM) v3.1.2 header?
Is that a bug with QS or a bug with QSst or a problem with IronMail?
Running QS 1.20st
Full headers below.
Regards,
Rick
Hi Rick
I don't think this is a bug, this part isn't changed in QS-1.20st. I'm also tracking this problem. My server receives every day several messages from a mailing list that are blocked. Some days ago I disabled $BAD_MIME_CHECKS (in a whitelist way) and then those messages come through. Now I have enabled it again to understand the problem.
I've added some new debugs to track the problem, here they are:
7/12/2003 18:51:41:10576: +++ starting debugging for process 10576 by uid=81
17/12/2003 18:51:41:10576: w_c: found CRL/NULL in header - invalid if this is a MIME message
17/12/2003 18:51:41:10576: w_c: Ecco le headers:
Received: from host6.zenit.org (209.239.41.230)
by 0 with SMTP; 17 Dec 2003 17:51:39 -0000
Received: by host6.zenit.org (Postfix on SuSE Linux SLES-7 (PPC), from userid 65534)
id 118F3706AC; Wed, 17 Dec 2003 12:51:12 -0500 (EST)
To: <[EMAIL PROTECTED]>
Subject: ZENIT Rassegna - 17 Dicembre 2003
From: ZENIT <[EMAIL PROTECTED]>
Content-Type: text/html
17/12/2003 18:51:41:10576: w_c: elapsed time from start 5.520045 secs
17/12/2003 18:51:41:10576: return-path='[EMAIL PROTECTED]', recips='[EMAIL PROTECTED]'
17/12/2003 18:51:41:10576: from='ZENIT <[EMAIL PROTECTED]>', subj='ZENIT Rassegna - 17 Dicembre 2003', via SMTP from 209.239.41.230
17/12/2003 18:51:41:10576: p_s: Disallowed characters found in MIME headers - 1.0
17/12/2003 18:51:41:10576: p_s: finished scan in 0.021172 secs
17/12/2003 18:51:41:10576: ini_sc: finished scan of "/var/spool/qmailscan/tmp/apo136.usc.urbe.it107168350151810576"...
17/12/2003 18:51:41:10576: ini_sc: elapsed time from start 5.588913 secs
17/12/2003 18:51:46:10576: ------ Process 10576 finished. Total of 5.720147 secs
And this is the piece of code that catches this strange problem:
    $HEADERS .= $_;
    #Catch any naughty illegal header chars here
    if ($BAD_MIME_CHECKS && /\r|\0/) {
        $illegal_mime=1;
        &debug("w_c: found CRL/NULL in header - invalid if this is a MIME message");
        # st: What's the matter with ZENIT?
        &minidebug("w_c: found CRL/NULL in header - invalid if this is a MIME message");
        &minidebug("w_c: Ecco le headers :\n$HEADERS");
    }
It seems that there is an "\r" after '...(209.239.41.230)' and another one after '...userid 65534)'.
I don't understand yet why the header must not have CR/NULL. Maybe Jason can give us an explanation and how to work around it.
Of course it is possible just to disable $BAD_MIME_CHECKS, but I like them. Io voglio capire (I want to understand).
Cheers
Salvatore
Received: from unknown (HELO jpmchase.com) (170.148.48.178)
by mta001.aei.ca with DES-CBC3-SHA encrypted SMTP; 17 Dec 2003 10:37:22 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Postmaster" <>
To: [EMAIL PROTECTED]
Reply To: <>
Subject: Delivery Notification for [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
Date: Wed, 17 Dec 2003 04:56:29 -0500 (EST)
MIME-Version: 1.0
Content-type: multipart/report;
report-type=delivery-status;
boundary="*C*I*P*H*E*R*T*R*U*S*T*1071654989.073538*"
X-Mailer: IronMail(TM) v3.1.2
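
As an added example (not part of either post and not qmail-scanner's own code), this Perl script applies the same /\r|\0/ test line by line to a header block and reports the line number and byte offset of each CR or NUL, so the header that triggers the check can be identified. The sample message, its host names and the helper names find_illegal_header_chars and visible are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: locate CR / NUL bytes in a message's header block.
use strict;
use warnings;

# Return one record per CR or NUL found in the headers (same /\r|\0/ test as above).
sub find_illegal_header_chars {
    my ($message) = @_;
    my @hits;
    my $lineno = 0;
    for my $line (split /\n/, $message, -1) {
        $lineno++;
        last if $line =~ /^\r?$/;       # blank line (LF or CRLF) ends the headers
        while ($line =~ /(\r|\0)/g) {
            push @hits, {
                line   => $lineno,
                offset => pos($line) - 1,
                char   => $1 eq "\r" ? 'CR' : 'NUL',
                text   => visible($line),
            };
        }
    }
    return @hits;
}

# Render control characters as escapes so they show up in a log or terminal.
sub visible {
    my ($s) = @_;
    $s =~ s/\r/\\r/g;
    $s =~ s/\0/\\0/g;
    return $s;
}

# Constructed sample: LF-terminated headers with a stray CR at the end of
# lines 1 and 3, the positions the debug output above points to.
my $sample = join "\n",
    "Received: from host.example (192.0.2.1)\r",
    "  by 0 with SMTP; 17 Dec 2003 17:51:39 -0000",
    "Received: by host.example (Postfix, from userid 65534)\r",
    "  id 0000000000; Wed, 17 Dec 2003 12:51:12 -0500 (EST)",
    "Subject: test",
    "",
    "body with a \r that is never examined";

for my $h (find_illegal_header_chars($sample)) {
    printf "line %d, offset %d: %s in [%s]\n", @{$h}{qw(line offset char text)};
}
```

Run against a quarantined message file instead of the sample, it shows whether the stray characters sit at the end of folded Received: lines or elsewhere in the headers.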