Re: header_check: regexp or PCRE? false positives?

From: Roger B.A. Klorese (rogerkqueernet.org)
Date: Mon Jan 03 2005 - 13:50:43 CST


Roger B.A. Klorese wrote:

> The following line in a header_checks file:
>
> /^Content-Type:(.*)name=(.*)\.com/ REJECT com extensions not allowed (Content-Type)
>
> ...is setting off "false" (not really, but undesired) matches against
> MIME headers.
>
> It's likely these are somehow forwards from somethingorother.com.
>
> Is the expression as strict as it could be? Is it specifically regexp
> or pcre, and how would I know?

As a follow-on: ".com" is being matched in the middle of the name:
Dec 27 08:44:21 mailbox postfix/cleanup[21204]: 8FD51189952: reject:
header Content-Type: image/jpeg; name="bb.com zzzzzz.jpg" from
n14a.bulk.scd.yahoo.com[66.94.237.28];
from=<sentto-11624011-2248-1104163486-xxxxxx=queernet.orgreturns.groups.yahoo.com>
to=<xxxxxxqueernet.org> proto=SMTP helo=<n14a.bulk.scd.yahoo.com>: com
extensions not allowed (Content-Type)

...should I replace the check with one for
    /^Content-Type:(.*)name=(.*)\.com$/
and another for
    /^Content-Type:(.*)name=(.*)\.com\"$/

Will these catch everything intended?
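As an added worked example (not part of the original post or of Postfix itself), the script below runs the post's original header_checks pattern, the two replacements it proposes, and one further pattern of my own against a handful of constructed Content-Type headers, so the false positive from the log line and the gaps in each variant can be seen side by side. Python's re module stands in for the regexp: and pcre: engines Postfix uses; the constructs involved (anchors, .*, bracket classes, \b) behave the same in all three, and every pattern is compiled case-insensitively because Postfix regexp/pcre tables are case-insensitive by default. The "end-of-token" pattern is an assumption of this example, not something from the post: it requires ".com" to end the filename token itself, quoted or unquoted, and tolerates further parameters after the closing quote. Which engine a live system is using is given by the table-type prefix in main.cf, e.g. header_checks = pcre:/etc/postfix/header_checks versus regexp:/etc/postfix/header_checks.

```python
import re

# Postfix regexp:/pcre: tables match case-insensitively unless a pattern
# carries the "i" flag, so every pattern here is compiled with IGNORECASE.
# Python's re is a stand-in for the Postfix engines (assumption of this
# example); nothing below relies on a construct that differs between them.
FLAGS = re.IGNORECASE

PATTERNS = {
    # The entry from the post: nothing anchors ".com" to the end of the
    # filename, so it fires on 'name="bb.com zzzzzz.jpg"'.
    "original":     r"^Content-Type:(.*)name=(.*)\.com",
    # The two replacements proposed in the post (unquoted / quoted filename).
    "end-unquoted": r"^Content-Type:(.*)name=(.*)\.com$",
    "end-quoted":   r'^Content-Type:(.*)name=(.*)\.com"$',
    # Assumed alternative (not from the post): ".com" must end the filename
    # token itself, with or without quotes, and more parameters may follow.
    "end-of-token": r'^Content-Type:.*\bname="?[^";]*\.com"?\s*(;.*)?$',
}


def unfold(header: str) -> str:
    """Join continuation lines into one logical header. Postfix applies
    header_checks patterns to the whole logical header, continuation
    lines included, so a folded header is matched the same way here."""
    return re.sub(r"\r?\n[ \t]+", " ", header)


def matches(pattern_name: str, header: str) -> bool:
    """True if the named pattern would REJECT this header."""
    return re.search(PATTERNS[pattern_name], unfold(header), FLAGS) is not None


def report(header: str) -> dict:
    """Verdict of every pattern for one header: {name: would_reject}."""
    return {name: matches(name, header) for name in PATTERNS}


# Constructed sample headers. Only the first reproduces the filename from
# the post's log line; the rest are made up to probe each pattern.
SAMPLES = {
    "jpeg-with-com-inside":  'Content-Type: image/jpeg; name="bb.com zzzzzz.jpg"',
    "quoted-com":            'Content-Type: application/octet-stream; name="invoice.com"',
    "unquoted-com":          'Content-Type: application/octet-stream; name=invoice.com',
    "quoted-com-then-param": 'Content-Type: application/octet-stream; name="invoice.com"; x-mac-type="0"',
    "uppercase-com":         'Content-Type: application/octet-stream; name="INVOICE.COM"',
    "command-not-com":       'Content-Type: text/plain; name="readme.command"',
    "folded-com":            'Content-Type: application/octet-stream;\n\tname="invoice.com"',
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        verdicts = "  ".join(
            f"{name}={'REJECT' if hit else 'pass'}" for name, hit in report(header).items()
        )
        print(f"{label:24s} {verdicts}")
```

Running it shows that "original" rejects every sample, including the JPEG and "readme.command"; the post's two patterns stop the false positives but between them still miss a quoted filename that is followed by another parameter (the "quoted-com-then-param" row), which the assumed "end-of-token" pattern catches. Two further caveats a practitioner would want: the real table can be exercised without sending mail, using postmap -q with the header as the lookup key (for example postmap -q 'Content-Type: application/octet-stream; name="invoice.com"' pcre:/etc/postfix/header_checks), and none of these patterns look at the Content-Disposition header, where the same attachment filename is commonly carried in a filename= parameter.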