Re: header_check: regexp or PCRE? false positives?
From: Matt (math mlists.ath.cx)
Date: Mon Jan 03 2005 - 14:07:25 CST
Roger B.A. Klorese wrote:
> As a follow-on: ".com" is being matched in the middle of the name:
> Dec 27 08:44:21 mailbox postfix/cleanup[21204]: 8FD51189952: reject:
> header Content-Type: image/jpeg; name="bb.com zzzzzz.jpg" from
> n14a.bulk.scd.yahoo.com[66.94.237.28];
> from=<sentto-11624011-2248-1104163486-xxxxxx=queernet.org returns.group
> s.yahoo.com> to=<xxxxxx queernet.org> proto=SMTP
> helo=<n14a.bulk.scd.yahoo.com>: com extensions not allowed
> (Content-Type)
>
> ...should I replace the check with one for
> /^Content-Type:(.*)name=(.*)\.com$/
> and another for
> /^Content-Type:(.*)name=(.*)\.com\"$/
>
> Will these catch everything intended?
No. I know I'll probably get slapped down on this, but anchoring the .com
to the end of the line leaves you open to crap getting through. Many
undesirable mails have multiple filenames to try bypassing this very sort
of thing.
At the end of the day, is that actually a legitimate mail that you are
blocking?
Matt
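
Added example, not part of the thread: a small harness that runs the two end-of-line-anchored patterns from the quoted message against sample Content-Type headers, next to a hypothetical pattern that anchors `.com` to the end of a `name=` value instead. The `VALUE_ANCHORED` pattern and all sample headers except the one taken from the quoted log are constructed for illustration, and Python's `re` is assumed to behave like Postfix's regexp/PCRE tables for these simple patterns.

```python
import re

# Patterns proposed in the quoted message, matched case-insensitively as
# Postfix regexp/PCRE tables do by default.
PROPOSED = [
    re.compile(r'^Content-Type:(.*)name=(.*)\.com$', re.I),
    re.compile(r'^Content-Type:(.*)name=(.*)\.com"$', re.I),
]

# Hypothetical alternative (not from the thread): anchor ".com" to the end of
# a name= VALUE (closing quote, or ";"/whitespace/end for unquoted values)
# rather than to the end of the header line.
VALUE_ANCHORED = [
    re.compile(r'^Content-Type:.*name\s*=\s*'
               r'(?:"[^"]*\.com"|[^";\s]*\.com(?=[;\s]|$))', re.I),
]

# Constructed sample headers, except the first, which is from the quoted log.
SAMPLES = {
    "log_jpeg": 'Content-Type: image/jpeg; name="bb.com zzzzzz.jpg"',
    "quoted_com": 'Content-Type: application/octet-stream; name="setup.com"',
    "bare_com": 'Content-Type: application/octet-stream; name=setup.com',
    "two_names": 'Content-Type: application/octet-stream; '
                 'name="setup.com"; name="notes.txt"',
}


def rejected(header, patterns):
    """True if any pattern in the list matches the unfolded header."""
    return any(p.search(header) for p in patterns)


def evaluate(patterns):
    """Map each sample name to whether the pattern set would reject it."""
    return {name: rejected(h, patterns) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for label, pats in (("proposed", PROPOSED),
                        ("value-anchored", VALUE_ANCHORED)):
        print(label, evaluate(pats))
```

The end-of-line patterns no longer reject the JPEG from the log, but they also stop matching once another filename follows the `.com` one, which is the gap described in the reply; the value-anchored pattern rejects that header while still passing the JPEG.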