Front page | perl.qpsmtpd |
Postings from August 2012
This was reported as Debian bug#684571 (http://bugs.debian.org/684571): > When TLS is in use, qpsmtpd creates a Received header of the form > > Received: from 87.114.148.171.plusnet.thn-ag1.dyn.plus.net (HELO > george.localnet) (87.114.148.171) > (smtp-auth username XXELIDEDXXX, mechanism cram-md5) > by tauism.org (qpsmtpd/0.84) with (AES256-SHA encrypted) ESMTPSA; Thu, 02 > Aug 2012 23:04:55 +0100 > > According to RFC 5322, comments may not appear between "with" and the > protocol. The BNF allows only FWS there, not CFWS. This appears correct based on a quick read of RFC5321 (RFC5322 doesn't explicitly say as much but defers to 5321 concerning specific trace data). The reporter goes on to suggest that this causes a mis-parse by spamassassin and causes mail to be interpreted as from an untrusted source since the sender auth isn't collected. I haven't verified this part. Submitter provides a patch, available here: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=qpsmtpd-received-with-ssl.patch;att=1;bug=684571 Devin -- Devin \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2Thread Next