Bug in SA.pm patch to MS 4.34.8-1

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Fri Oct 8 09:03:24 IST 2004


Julian

You provided a patch to SA.pm that adds a new header "EnvelopeFrom: ..."
to the copy of the message passed to SA. 

There is a problem with this patch (see below for details). When it is
fixed the patch also needs to be added to MCP.pm so that the
envelope-from address can be tested by MCP rules as well.

The problem with your patch is that "EnvelopeFrom" is a pseudo-header
provided by SA to allow the address received in the "MAIL FROM" stage of
SMTP transactions to be tested in a rule. SA _does not_ expect to see
that header in the message.

SA attempts to discover the "envelope-from" address if it is made
available by the SMTP server. It does this by looking for a number of
common "envelope-from" header line forms in the message. All of this is
described in SA's (3.0.0) user config options manual pages. 

If SA finds any likely looking envelope-from header lines it uses a
heuristic to determine whether they are safe to use and sets
"EnvelopeFrom" accordingly.

To avoid this heuristic failing and choosing the wrong header value to
assign to "EnvelopeFrom", SA provides an option to set this value
explicitly in your SA prefs.conf file(s) in either or both MailScanner
and MailScanner-MCP.

The option is:

   envelope_sender_header  Name-Of-Header

Note that if you use your original patch and set 

   envelope_sender_header EnvelopeFrom

in MCP's mcp.spam.assassin.prefs.conf then in my case SA looped and ran
out of memory! 

I have changed the patch (in both SA.pm and MCP.pm) to use "X-NCL-From"
rather than "EnvelopeFrom" and it works fine if the prefs.conf has 

   envelope_sender_header X-NCL-From

specified. 

It seems there might be a problem with choice of header to add in SA.pm
and MCP.pm. If you use, say, "X-MailScanner-From" then there may already
be similar headers in the message added by upstream MTAs. In this case
the "envelope_sender_header" option does not appear to be of much help
since there will be more than one header of the same name to choose from.


I suspect that to be entirely safe each site needs a unique header to be
added but the site needs to know what that is so that it can set
"envelope_sender_header" accordingly.  
  
Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own." 

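Added example, not part of the original post and not MailScanner or SpamAssassin code: one way to avoid the duplicate-header problem described in the message is to strip every inbound copy of the site's header before adding a single trusted copy taken from the SMTP envelope. The function name, the sample headers and the bare-address header format are assumptions made for this sketch; "X-NCL-From" is the header name used in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Site-specific header name (the one chosen in the post).
my $SITE_HEADER = 'X-NCL-From';

# Hypothetical helper: return a copy of @$headers with every existing
# $name header removed (including folded continuation lines) and one
# trusted copy, built from the SMTP envelope sender, placed first.
sub set_envelope_header {
    my ($headers, $name, $envelope_from) = @_;
    my (@clean, $dropping);
    for my $line (@$headers) {
        if ($line =~ /^[ \t]/) {           # continuation of previous header
            push @clean, $line unless $dropping;
            next;
        }
        # Header names are case-insensitive; match "Name:" at line start.
        $dropping = ($line =~ /^\Q$name\E[ \t]*:/i) ? 1 : 0;
        push @clean, $line unless $dropping;
    }
    # Strip CR/LF so the address cannot introduce extra header lines.
    (my $addr = $envelope_from) =~ s/[\r\n]+//g;
    return ("$name: $addr", @clean);
}

# Constructed sample: an upstream copy of the header is already present.
my @headers = (
    'Received: from upstream.example (upstream.example [192.0.2.1])',
    "\tby mx.example; Fri, 8 Oct 2004 09:00:00 +0100",
    'X-NCL-From: someone-else@elsewhere.example',
    "\t(folded continuation of the upstream header)",
    'From: Someone <someone@example.org>',
    'Subject: test',
);

my @out = set_envelope_header(\@headers, $SITE_HEADER, 'real-sender@example.net');
print "$_\n" for @out;

# Exactly one copy must remain, so SA has nothing to choose between.
my $count = grep { /^\Q$SITE_HEADER\E[ \t]*:/i } @out;
die "expected exactly one $SITE_HEADER header\n" unless $count == 1;

# Matching prefs.conf setting, as given in the post.
print "# envelope_sender_header $SITE_HEADER\n";
```
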