Bug 223429
| Summary: | sieve can't process the folded Received header | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | ryo fujita <rfujita> |
| Component: | cyrus-imapd | Assignee: | Tomas Janousek <tjanouse> |
| Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | | |
| Version: | 4.4 | | |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | i386 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-02-02 04:23:38 UTC | Type: | --- |
Description
ryo fujita
2007-01-19 09:16:45 UTC
Are you sure the problem is in sieve? I just tried the following on our poboxes:

(header :regex :comparator "i;ascii-casemap" "Received" "by mx[123]gaga\\.redhat\\.com", true)

And the mail contained:

Received: from helo_host_name (FQDN [1.2.3.4])
    by mx1gaga.redhat.com (8.12.11.20060308/8.12.1)

And it did match.

I would recommend adding some whitespace catching regex or even .* in front of "by mx" and trying again.

(In reply to comment #1)
> Are you sure the problem is in sieve? I just tried the following on our poboxes:

Sure. I'd like to check BOTH FQDN and a hostname in "by" field. For example,

Received: from dhcp123456.example.com (dhcp123456.example.com [1.2.3.4])
    by mx1.redhat.com (8.12.11.20060308/8.12.1)

This header means that a mail was received by an external MTA from a "dhcp-suspicious" host. Most hosts having strings like dhcp/adsl/dynamic/ppp in the hostname are suspected of being non-MTA.

If there are plural Received headers in a mail header, I need to check if the host in "by" field faces the Internet. And if FQDN matches some rules, the mail may be SPAM.

Reference: Selective smtp rejection
http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html

One more example,

Received: from outmx.example.com (outmx.example.com [1.2.3.4])
    by mx1.redhat.com (8.12.11.20060308/8.12.1)
Received: from dhcp-2-1-168-192.int.example.com (dhcp-2-1-168-192.int.example.com [192.168.1.2])
    by outmx.example.com (8.12.11.20060308/8.12.1)

The host dhcp-1-1-168-192.int.example.com may be an internal relaying MTA. If I can check only FQDN, I will drop this mail to the Junk box because Received headers have "dhcp" string.

(In reply to comment #1)
> Are you sure the problem is in sieve? I just tried the following on our poboxes:
>
> (header :regex :comparator "i;ascii-casemap" "Received" "by
> mx[123]gaga\\.redhat\\.com", true)
>
> And the mail contained:
> Received: from helo_host_name (FQDN [1.2.3.4])
>     by mx1gaga.redhat.com (8.12.11.20060308/8.12.1)
>
> And it did match.
>
> I would recommend adding some whitespace catching regex or even .* in front of
> "by mx" and trying again.

Umm, I wrote a bad example. I tried something like "\) *by mx[123]\\.redhat\\.com" and yes, it did work. Please follow my advice of replacing the space before "by" with a whitespace-eating pattern and let me know if _that_ works.

Thank you for the important hint! Characters existing between ")" and "by" are 0x0a and 0x09. I had to use a regex like "\)[:blank:]*by" here.

(In reply to comment #3)
> Umm, I wrote a bad example. I tried something like "\) *by
> mx[123]\\.redhat\\.com" and yes, it did work. Please follow my advice of
> replacing the space before "by" with a whitespace-eating pattern and let me know
> if _that_ works.
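
The folding behaviour discussed in this thread, as an added example that is not part of the bug report or of Cyrus: Python's `re` stands in for the sieve regex engine to show why a literal space before "by" misses a header folded with LF + TAB, and how the "by" host and the sender FQDN can be checked together. The `EDGE_MX` pattern, the sample header and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample: a folded Received value as stored in the message,
# with LF + TAB (0x0a 0x09) between ")" and "by", as reported in this bug.
FOLDED = ("from dhcp123456.example.com (dhcp123456.example.com [1.2.3.4])\n"
          "\tby mx1.redhat.com (8.12.11.20060308/8.12.1)")

# Pattern with a literal space before "by": it cannot span the fold.
LITERAL_SPACE = re.compile(r"\) by mx[123]\.redhat\.com", re.I)
# Pattern accepting any run of whitespace, including the line break.
ANY_WSP = re.compile(r"\)\s*by mx[123]\.redhat\.com", re.I)

# Hostname substrings the reporter treats as signs of a non-MTA sender.
DYNAMIC = re.compile(r"dhcp|adsl|dynamic|ppp", re.I)
# Hypothetical list of Internet-facing MX hosts (assumption for this example).
EDGE_MX = re.compile(r"^mx[123]\.redhat\.com$", re.I)
HOP = re.compile(r"^from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)", re.I)


def unfold(value: str) -> str:
    """RFC 5322 unfolding: drop each line break that precedes a space or tab."""
    return re.sub(r"\r?\n(?=[ \t])", "", value)


def parse_hop(value: str):
    """Return (helo, fqdn, ip, by_host) from one Received value, or None."""
    m = HOP.match(unfold(value))
    return m.groups() if m else None


def suspicious(received_values) -> bool:
    """True if a hop accepted by an edge MX came from a dynamic-looking FQDN.

    Hops accepted by any other host (for example an internal relay) are
    ignored, which separates the two header examples given in the thread.
    """
    for value in received_values:
        hop = parse_hop(value)
        if hop and EDGE_MX.match(hop[3]) and DYNAMIC.search(hop[1]):
            return True
    return False
```
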