Bug in SA.pm patch to MS 4.34.8-1

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Fri Oct 8 11:52:46 IST 2004


Julian

The "EnvelopeFrom" pseudo-header may be working for you and with SPF.

It is not working here unless SA.pm and MCP.pm are patched as I
described earlier. :-(

I need this feature to work because I want to define rules in MCP that
will allow me to discard messages to certain local addresses if the
envelope-from address is not from our two domains, ncl.ac.uk or
newcastle.ac.uk.

Quentin 
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."  

>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 08 October 2004 09:08
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Bug in SA.pm patch to MS 4.34.8-1
>
>At 09:03 08/10/2004, you wrote:
>>Julian
>>
>>You provided a patch to SA.pm that adds a new header "EnvelopeFrom: ..."
>>to the copy of the message passed to SA.
>>
>>There is a problem with this patch (see below for details). When it is
>>fixed the patch also needs to be added to MCP.pm so that the
>>envelope-from address can be tested by MCP rules as well.
>>
>>The problem with your patch is that "EnvelopeFrom" is a pseudo-header
>>provided by SA to allow the address received in the "MAIL FROM" stage of
>>SMTP transactions to be tested in a rule. SA _does not_ expect to see
>>that header in the message.
>>
>>SA attempts to discover the "envelope-from" address if it is made
>>available by the SMTP server. It does this by looking for a number of
>>common "envelope-from" header line forms in the message. All of this is
>>described in SA's (3.0.0) user config options manual pages.
>>
>>If SA finds any likely looking envelope-from header lines it uses a
>>heuristic to determine whether they are safe to use and sets
>>"EnvelopeFrom" accordingly.
>>
>>To avoid this heuristic failing and choosing the wrong header value to
>>assign to "EnvelopeFrom", SA provides an option to set this value
>>explicitly in your SA prefs.conf file(s) in either or both MailScanner
>>and MailScanner-MCP.
>>
>>The option is:
>>
>>    envelope_sender_header  Name-Of-Header
>>
>>Note that if you use your original patch and set
>>
>>    envelope_sender_header EnvelopeFrom
>>
>>in MCP's mcp.spam.assassin.prefs.conf then in my case SA looped and ran
>>out of memory!
>>
>>I have changed the patch (in both SA.pm and MCP.pm) to use "X-NCL-From"
>>rather than "EnvelopeFrom" and it works fine if the prefs.conf has
>>
>>    envelope_sender_header X-NCL-From
>>
>>specified.
>>
>>It seems there might be a problem with choice of header to add in SA.pm
>>and MCP.pm. If you use, say, "X-MailScanner-From" then there may already
>>be similar headers in the message added by upstream MTAs. In this case
>>the "envelope_sender_header" option does not appear to be of much help
>>since there will be more than one header of the same name to choose from.
>>
>>
>>I suspect that to be entirely safe each site needs a unique header to be
>>added but the site needs to know what that is so that it can set
>>"envelope_sender_header" accordingly.
>
>Thanks for that. For now, I have removed the patch. SPF works on my systems
>perfectly well without it. I'll let people read the SA docs and set it up
>appropriately if SPF doesn't work without manual tweaking.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
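
The duplicate-header concern raised in the quoted message, as an added example that is not part of the thread or of MailScanner's or SpamAssassin's code: a gateway removes any copy of its site header that arrived with the message before writing its own, so the name given to `envelope_sender_header` is unambiguous. The function names, the sample message and the strip-before-stamp step are assumptions; `X-NCL-From` and the two domains come from the thread.

```python
from email import message_from_string
from email.utils import parseaddr

SITE_HEADER = "X-NCL-From"                          # site header named in the thread
LOCAL_DOMAINS = {"ncl.ac.uk", "newcastle.ac.uk"}    # the two domains named in the thread

# Constructed sample: the sender has pre-inserted the site header to look local.
SAMPLE = (
    "Received: from mx.example.net by relay.example.org\n"
    "X-NCL-From: staff@ncl.ac.uk\n"
    "From: Staff <staff@ncl.ac.uk>\n"
    "To: all-staff@ncl.ac.uk\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

def stamp_envelope_sender(raw_message, envelope_from, header=SITE_HEADER):
    """Parse the message and leave exactly one `header`, set from the SMTP envelope."""
    msg = message_from_string(raw_message)
    del msg[header]              # removes every existing copy, matched case-insensitively
    msg[header] = envelope_from  # the only remaining copy is the one the gateway wrote
    return msg

def envelope_sender_is_local(msg, header=SITE_HEADER):
    """True only if a single `header` is present and its domain is one of ours."""
    values = msg.get_all(header, [])
    if len(values) != 1:         # missing or duplicated: ambiguous, so do not trust it
        return False
    address = parseaddr(values[0])[1]
    # Exact domain match only (assumption): subdomains are not treated as local.
    return address.rpartition("@")[2].lower() in LOCAL_DOMAINS

if __name__ == "__main__":
    unstamped = message_from_string(SAMPLE)
    print("header as received:", unstamped.get_all(SITE_HEADER))
    stamped = stamp_envelope_sender(SAMPLE, "bulk@example.net")
    print("header after stamping:", stamped.get_all(SITE_HEADER))
    print("treated as local:", envelope_sender_is_local(stamped))
```
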
