Found a small bug in MailScanner.pm

James Gray james at grayonline.id.au
Fri Sep 22 00:52:15 IST 2006


On 22/09/2006, at 9:37 AM, Scott Silva wrote:

> Holger Gebhard spake the following on 9/21/2006 3:00 PM:
>> Hi Julian,
>>
>> I found a small bug in MailScanner.pm (sub HandleSpamBounce)...
>> With the current code no Spambounce can be sent... Results in a
>> malformed message ;-)
>>
>> Current:
>>
>> # Boring untainting again...
>> /(.*)/;
>> $emailmsg .= MailScanner::Config::DoPercentVars($line) . "\n";
>> $line = eval "\"$1\"";
>>
>> Must be:
>>
>> # Boring untainting again...
>> /(.*)/;
>> $line = eval "\"$1\"";
>> $emailmsg .= MailScanner::Config::DoPercentVars($line) . "\n";
>>
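
Review bot: In the "Must be" ordering, the result of `$line = eval "\"$1\"";` is still passed to `DoPercentVars($line)` unchecked. If the string eval fails, for example on a line containing an unescaped double quote, `$line` is undef and an empty line is appended with no error reported. Suggest testing `$@` after the eval and falling back to the raw `$1`. It would also help to extend the comment to say that `/(.*)/` untaints the whole line unconditionally, so the eval interpolates whatever the line contains.
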
>>
>> Regards
>>
>> Holger
>>
> Since spam bouncing is a BAD idea, I don't think that Julian is in a real
> hurry to fix that one ;-)

We use it for outgoing mail.  IOW, if an internal user sends a
"spammy" message, it will get quarantined, the sender notified but
NOT the recipient.  The sales and marketing guys hated it at first
but when I told them if our filters don't flag it as spam, there's
very little chance anyone else's will either.  They decided it was a
Good Thing(tm); they get more marketing delivered to more people with
a higher degree of success.

Spam bouncing has its uses, but certainly NOT for incoming mail from  
untrusted networks.

Cheers,

James

