develooper Front page | perl.qpsmtpd | Postings from April 2013

I found the future by dredging in the past

From:
Matt Simerson
Date:
April 30, 2013 03:23
Subject:
I found the future by dredging in the past
Message ID:
5F0680DA-79A3-4884-9F8A-F8504B7762BA@tnpi.net

I found myself wanting to check for clients who are adding illegal whitespace after the MAIL FROM and RCPT TO commands.  Before I started hacking, I did a quick search and found this thread:

Stricter parsing of mail from: and rcpt to:

http://grokbase.com/t/perl/qpsmtpd/04cmjwqh9p/stricter-parsing-of-mail-from-and-rcpt-to/oldest

The gist of the thread is that a number of people were for stricter parsing, a number were against, and nothing happened. A similar exchange was had regarding angle brackets, except that time hooks were added allowing plugins to rewrite the address, adding the missing angle brackets.

For other similar purposes, Qpsmtpd::Command was added, and the ability to substitute ones own parser was added, probably about the same time the parse_addr_withhelo plugin was added. 

But I don't need an entirely new parser. I just want to do something quick and fun like:

   if ( 'from: ' eq lc substr($envelope_header, 0, 6) ) {
        $self->adjust_karma(-1);
   };

After reading the proposed solutions, the one I adopted was storing the unparsed line in a connection note, making it available to plugins that wish to inspect and act upon it.

Matt

PS: I find it amusing that 7 or 8 years later, clients inserting that space have a 97+% correlation with infected PCs. Not enough to block based on it, but more than enough to cast suspicious glances.

--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@@ -354,6 +354,7 @@ sub mail {
     }
 
     $self->log(LOGDEBUG, "full from_parameter: $line");
+    $self->connection->notes('envelope_from', $line);
     $self->run_hooks("mail_parse", $line);
 }
 
@@ -442,6 +443,7 @@ sub mail_respond {
 
 sub rcpt {
     my ($self, $line) = @_;
+    $self->connection->notes('envelope_rcpt', $line);
     $self->run_hooks("rcpt_parse", $line);
 }
 




nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About