6664 – check_freemail_header() misses many domains

Bug 6664 - check_freemail_header() misses many domains

Summary: check_freemail_header() misses many domains

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Plugins (show other bugs)
Version:	3.3.1
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-09-25 19:23 UTC by Cedric Knight
Modified:	2018-02-23 18:18 UTC (History)
CC List:	4 users (show)

Attachment	Type	Actions	Submitter/CLA Status
Patch to Freemail.pm to catch freemail forgeries	patch	None	Cedric Knight
Test case that intended code will miss	text/plain	None	Cedric Knight
Easier test case caught by either complete or partial fix	text/plain	None	Cedric Knight
fix for multiple emails in headers	patch	None	Giovanni Bechis
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Cedric Knight 2011-09-25 19:23:42 UTC

Created attachment 4972 [details]
Patch to Freemail.pm to catch freemail forgeries

FREEMAIL_FORGED_REPLYTO is missing about 50% of potential hits, because the Reply-To address passed to _is_freemail() is usually terminated with a chevron and/or newline.  As a result it only matches the regexes ending .*.  This is because of a Perl programming error.  What is intended is:

@@ -419,7 +423,7 @@
         }
     }
 
-    my $email = lc($pms->get(index($header,':') ? $header : $header.":addr"));
+    my $email = lc($pms->get(index($header,':') >= 0 ? $header : $header.":addr"));
 
     if ($email eq '') {
         dbg("header $header not found from mail");

However, there are further issues I'd suggest fixing at the same time.  Firstly, a spammer wanting a reply to a freemail address might include it as one of *multiple* addresses in a Reply-To header.  Hence, each should be tested for freemail and compared to the From.  

Secondly, by adding an optional parameter for a header to compare to, FREEMAIL_FORGED_REPLYTO could be made quite versatile and catch more freemail spam in the first instance then FREEMAIL_REPLYTO (excluding lists and annoying anomalies like Linkedin in the rules); also FREEMAIL_REPLYTO_END_DIGIT could lose the FPs where From and Reply-To are equal (eg in a personalised Mailman list); and various other combinations testing (X-)Sender and Errors-To against From become possible.  (I've tested the variant rules against a live stream and would like to submit them for mass testing and scoring in a separate bug.)

Comment 1 Cedric Knight 2011-09-25 19:29:10 UTC

Created attachment 4973 [details]
Test case that intended code will miss

Comment 2 Cedric Knight 2011-09-25 19:30:32 UTC

Created attachment 4974 [details]
Easier test case caught by either complete or partial fix

Comment 3 Cedric Knight 2011-09-25 19:53:02 UTC

(BTW I have signed a CLA as listed at http://people.apache.org/committer-index.html#unlistedclas)

Comment 4 Kevin A. McGrail 2011-09-26 13:31:45 UTC

(In reply to comment #3)
> (BTW I have signed a CLA as listed at
> http://people.apache.org/committer-index.html#unlistedclas)

CLA status should be up to date.  Thanks.

Comment 5 Mark Martinec 2011-10-04 16:49:17 UTC

> As a result it only matches the regexes ending .*.
> This is because of a Perl programming error.

A bug indeed, index() returns -1 on a failure.


Where does the $hdrexclude in the patch come from?
Should be declared, defined and documented.

Comment 6 Giovanni Bechis 2017-11-30 08:04:39 UTC

Bug is a duplicated of bz #6871 and fixed in svn r1416457.
Enhancement is not documented and is lying for 6 years.
Is somebody interested in this enhancement or we should close the bz ?

Comment 7 Kevin A. McGrail 2017-11-30 12:54:09 UTC

I think it was just missed because of the duplicated bug.  I had it my mind it was fixed.  Do you mind looking at this and checking 3.4 and trunk to make a patch that you think is ready to commit?

Regards,
KAM

Comment 8 Giovanni Bechis 2017-12-01 07:33:44 UTC

The bug[¹] has been fixed in both trunk and 3.4 branch, as for the enhancement, I will finish the patch soon.

[¹] 
-    my $email = lc($pms->get(index($header,':') ? $header : $header.":addr"));
+    my $email = lc($pms->get(index($header,':') >= 0 ? $header : $header.":addr"));

Comment 9 Giovanni Bechis 2017-12-06 18:44:13 UTC

Created attachment 5490 [details]
fix for multiple emails in headers

As the original post said, if there are multiple emails in a Reply-To header as on test1 example it wont get catched.
Adding an option to be able to do more tests is an additional enhancement and a second step.

Comment 10 Giovanni Bechis 2018-02-23 18:18:26 UTC

Fix for enhancement committed in r1825153.