Bug 1034 - New rule for Content-type: message/external-body
Summary: New rule for Content-type: message/external-body
Status: RESOLVED LATER
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: SVN Trunk (Latest Devel Version)
Hardware: Other other
: P3 normal
Target Milestone: ---
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-09-27 09:07 UTC by Theo Van Dinter
Modified: 2002-12-17 09:13 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Theo Van Dinter 2002-09-27 09:07:42 UTC 
Another note on Bugtraq about RFC 2046 where a Content-Type of
message/external-body could let spammers send a message through with a link to
an external site where the actual message body is retrieved via FTP or the like.

Like the message/partial bug, I haven't seen this in the real world yet, but
figure I may as well open a bug with the rule just so it's on the radar if this
becomes popular.  Setting to P3.

header          CTYPE_IS_EXTERNAL  Content-Type =~ /^message\/external-body\b/
describe        CTYPE_IS_EXTERNAL  Message calls for external body per RFC 2046
score           CTYPE_IS_EXTERNAL  4.0
Comment 1 Theo Van Dinter 2002-12-17 18:13:18 UTC 
I'm surprised this hasn't been abused more, but I can't see anyone doing this,
so I'm resolving the ticket for now.