SA Bugzilla – Bug 3236
IP address of Squirrelmail user should not be subjected to rules
Last modified: 2005-03-10 17:33:42 UTC
Squirrelmail logs the IP address of the sender of the message by adding a Received header like this:

Received: from 142.169.110.122 (SquirrelMail authenticated user synapse)
    by mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)

In that case, this may trigger rules such as RCVD_IN_DYNABLOCK and RCVD_IN_SORBS:

* 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
*     [142.169.110.122 listed in dnsbl.sorbs.net]
* 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
*     [142.169.110.122 listed in dnsbl.sorbs.net]

The IP address of the Squirrelmail user should not be checked against any such rules. It is easy to discard the Received header as it contains the SquirrelMail string.
Created attachment 1877: Proposed patch

Wow, I am really impressed by the readability of SpamAssassin's code. It took me only 5 minutes to locate where changes should be made. This patch simply skips any Received header added by SquirrelMail to indicate the IP address of the user. This IP address should be checked against any rule. The $by in this header could be used, but it will be repeated in the next Received header as the $ip.
Thanks, fix checked in now. I didn't use your code though; I wanted to escape higher up just to be more paranoid about it. (rev 10143)
The same applies to the webmail client IMP (www.horde.org). Can you extend this patch to work with IMP too?
Created attachment 2511: Ignores Received header inserted by IMP.
*** Bug 4008 has been marked as a duplicate of this bug. ***
Hi, I would like to reopen this bug because the IMP-Patch never made it into svn. I extended the patch to also detect the new IMP/Horde versions. Btw, feel free to move this patch to Bug 4008, which is about IMP and not Squirrel :-)

Yours, Joerg
Created attachment 2693: Extend IMP-Patch to IMP and Horde3
There's no need to ignore the header since it is automatically trusted provided the mail originates from your own IMP server (due to the 'with HTTP' token -- see bug 2462). If the mail doesn't originate from your network there is no reason to ignore it since you do want it so you can tell where the message originated from.
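The distinction drawn in the last comment, as an added Python sketch (not SpamAssassin's code and not any of the attached patches): a SquirrelMail "with HTTP" header is skipped only while the Received chain is still inside hosts you run, so the same string pasted into mail arriving from outside does not exempt anything from DNSBL lookups. TRUSTED_NETS, the host mx.nomis80.org and the LOCAL/OUTSIDE headers are assumptions constructed for the example; only the SquirrelMail header comes from the report.

```python
import ipaddress
import re

# Assumption: the relays we operate ourselves (SpamAssassin's option is trusted_networks).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]

HOP_RE = re.compile(
    r"from\s+.*?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"   # first IPv4 after "from"
    r".*?\bby\s+[\w.-]+"                            # host that wrote the header
    r"(?:\s+with\s+(?P<proto>\w+))?",               # protocol token, e.g. HTTP
    re.S)
WEBMAIL_RE = re.compile(r"\(SquirrelMail authenticated user [^)]*\)")

def parse_received(value):
    """Return the hop's IP and whether it is a webmail header, or None."""
    m = HOP_RE.search(value)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:                              # e.g. 999.1.1.1
        return None
    webmail = bool(WEBMAIL_RE.search(value)) and m.group("proto") == "HTTP"
    return {"ip": ip, "webmail": webmail}

def ips_for_dnsbl(received, trusted_nets=TRUSTED_NETS):
    """received: Received values, newest first. Returns IPs to look up in DNSBLs."""
    to_check, trusted = [], True    # the newest header was written by our own server
    for value in received:
        hop = parse_received(value)
        if hop is None:
            trusted = False         # cannot vouch for anything older than this
            continue
        if trusted and hop["webmail"]:
            trusted = False         # our webmail vouches for the user, nothing older
            continue
        from_ours = any(hop["ip"] in net for net in trusted_nets)
        if not (trusted and from_ours):
            to_check.append(str(hop["ip"]))
        trusted = trusted and from_ours
    return to_check

# Constructed samples; only the SquirrelMail header is taken from the bug report.
WEBMAIL = ("from 142.169.110.122 (SquirrelMail authenticated user synapse) "
           "by mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)")
LOCAL = "from mail.nomis80.org (mail.nomis80.org [10.0.0.5]) by mx.nomis80.org with ESMTP"
OUTSIDE = "from relay.example.net (relay.example.net [203.0.113.5]) by mx.nomis80.org with ESMTP"
```

With `[LOCAL, WEBMAIL]` nothing is queried; with `[OUTSIDE, WEBMAIL]` both the connecting relay and the address in the webmail-style header are queried, because that header was not written by a host in TRUSTED_NETS.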