6783 – IP address of NaSMail user should not be subjected to rules

Bug 6783 - IP address of NaSMail user should not be subjected to rules

Summary: IP address of NaSMail user should not be subjected to rules

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	3.3.1
Hardware:	All All

Importance:	P5 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-02 12:15 UTC by Stephane Chazelas
Modified:	2012-04-02 23:20 UTC (History)
CC List:	6 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stephane Chazelas 2012-04-02 12:15:16 UTC

+++ This bug was initially created as a clone of Bug #3236 +++

NaSMail (a fork of Squirrelmail) logs the IP address of the sender of the message by adding a
Received header like this:

Received: from 142.169.110.122
        (NaSMail authenticated user synapse)
        by mail.nomis80.org with HTTP;
        Sat, 3 Apr 2004 10:33:43 -0500 (EST)

In that case, this may trigger rules such as RCVD_IN_DYNABLOCK and RCVD_IN_SORBS:

	*  2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
	*      [142.169.110.122 listed in dnsbl.sorbs.net]
	*  0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
	*      [142.169.110.122 listed in dnsbl.sorbs.net]

The IP address of the NaSMail user should not be checked against any such
rules. It is easy to discard the Received header as it contains the NaSMail
string.

The workaround is the same as for Bug #3236:

--- a
+++ b
@@ -428,8 +428,9 @@
     # bug 3236: ignore Squirrelmail injection steps.
     # from 142.169.110.122 (SquirrelMail authenticated user synapse) by
     # mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
-    if (/ \(SquirrelMail authenticated user /) {
-      dbg("received-header: ignored SquirrelMail injection: $_");
+    # SC 2012-04-02, added NaSMail
+    if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
+      dbg("received-header: ignored SquirrelMail/NaSMail injection: $_");
       return 0;
     }

Comment 1 Kevin A. McGrail 2012-04-02 13:08:23 UTC

please submit example received headers or a patch suitable for t/rcvd_parser.t

regards,
KAM

Comment 2 Stephane Chazelas 2012-04-02 13:36:38 UTC

Hi Kevin,

here's one example:

from 67.85.219.192 (NaSMail authenticated user john.doe) by webmail.example.com with HTTP; Fri, 30 Mar 2012 12:39:58 +0100 (BST)

Comment 3 Adam Katz 2012-04-02 14:27:42 UTC

For full reference, please see also bug 3236 which was trumped by bug 6549

Comment 4 Kevin A. McGrail 2012-04-02 23:20:00 UTC

(In reply to comment #2)
> Hi Kevin,
> 
> here's one example:
> 
> from 67.85.219.192 (NaSMail authenticated user john.doe) by webmail.example.com
> with HTTP; Fri, 30 Mar 2012 12:39:58 +0100 (BST)

I prefer real-world examples not sanitized/fake versions.  

However, the change is small so I've added the rcvd test case and the small regex for NaSMail.

The patch below appears to be for 3.3.X but I've made the change only on trunk.




Index: lib/Mail/SpamAssassin/Message/Metadata/Received.pm
===================================================================
--- lib/Mail/SpamAssassin/Message/Metadata/Received.pm  (revision 1308568)
+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm  (working copy)
@@ -446,7 +446,8 @@
 
     # from 142.169.110.122 (SquirrelMail authenticated user synapse) by
     # mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
-    if (/ \(SquirrelMail authenticated user /) {
+    # Expanded to NaSMail Bug 6783
+    if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
       #REVERTING bug 3236 and implementing re: bug 6549
       if (/(${IP_ADDRESS}).{10,80}by (\S+) with HTTP/) {
         $ip = $1; $by = $2; goto enough;
Index: t/rcvd_parser.t
===================================================================
--- t/rcvd_parser.t     (revision 1308568)
+++ t/rcvd_parser.t     (working copy)
@@ -18,7 +18,7 @@
 
 use lib '.'; use lib 't';
 use SATest; sa_t_init("rcvd_parser");
-use Test; BEGIN { plan tests => 142 };
+use Test; BEGIN { plan tests => 143 };
 use strict;
 
 # format is:
@@ -459,8 +459,12 @@
   '[ ip=153.90.199.141 rdns= helo= by=web1.cs.montana.edu ident= envfrom= id= auth= msa=0 ]',
 
   'from ausisaps301-dmz.aus.amer.dell.com ([143.166.226.16]) (SquirrelMail authenticated user hoolis); by www.penguintowne.org with HTTP; Mon, 22 Mar 2004 12:54:13 -0600 (CST)' =>
-  '[ ip=143.166.226.16 rdns= helo= by=www.penguintowne.org ident= envfrom= id= auth=Sendmail msa=0 ]'
+  '[ ip=143.166.226.16 rdns= helo= by=www.penguintowne.org ident= envfrom= id= auth=Sendmail msa=0 ]',
 
+  #ADDED PER Bug 6783
+  'from 67.85.219.192 (NaSMail authenticated user john.doe) by webmail.example.com with HTTP; Fri, 30 Mar 2012 12:39:58 +0100 (BST)' => 
+  '[ ip=67.85.219.192 rdns= helo= by=webmail.example.com ident= envfrom= id= auth= msa=0 ]'
+
 );
 
 my $sa = create_saobj();



svn commit -m 'Bug 6783 for NaSMail Received Header'
Sending        lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Sending        t/rcvd_parser.t
Transmitting file data ..
Committed revision 1308610.