Discussion:
[AMaViS-user] workround for bad headers
(too old to reply)
Rocco Scappatura
2007-05-21 13:08:25 UTC
Permalink
I get these warning..

WARNING: bad headers - Improper use of control character (char 0D hex):
Subject: Richiesta di Invio Schede Prodotto\r \n

I saw the amavisd.conf:

# for defanging bad headers only turn on certain minor contents
categories:
$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header

Should I comment it or what I have to do to disable this check?

What is it implies?

rocsca

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark.Martinec+ (Mark Martinec)
2007-05-21 15:30:55 UTC
Permalink
Rocco,
Post by Rocco Scappatura
I get these warning..
Subject: Richiesta di Invio Schede Prodotto\r \n
If this is coming from your clients, these really need to be fixed,
using a bare CR within a header is an ugly offense. Allowing such
headers may lead careless mail clients to think a header field
ends there.
Post by Rocco Scappatura
# for defanging bad headers only turn on certain minor contents
$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
Should I comment it or what I have to do to disable this check?
Removing this line prevents defanging (pushing original
mail contents into an attachment), but does not disable
a check or a warning it creates.

You probably want:
$allowed_header_tests{'control'} = 0;

Search for '%allowed_header_tests' in RELEASE_NOTES.

Mark

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Rocco Scappatura
2007-05-21 16:44:58 UTC
Permalink
Post by Mark.Martinec+ (Mark Martinec)
Post by Rocco Scappatura
I get these warning..
WARNING: bad headers - Improper use of control character
Subject: Richiesta di Invio Schede Prodotto\r \n
If this is coming from your clients, these really need to be
fixed, using a bare CR within a header is an ugly offense.
Allowing such headers may lead careless mail clients to think
a header field ends there.
Post by Rocco Scappatura
# for defanging bad headers only turn on certain minor contents
$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
Should I comment it or what I have to do to disable this check?
Removing this line prevents defanging (pushing original mail
contents into an attachment), but does not disable a check or
a warning it creates.
$allowed_header_tests{'control'} = 0;
Search for '%allowed_header_tests' in RELEASE_NOTES.
Thanks a lot Mark..

Could I disable the check only for incoming mail?

rocsca

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark.Martinec+ (Mark Martinec)
2007-05-21 16:51:54 UTC
Permalink
rocsca,
Post by Rocco Scappatura
Post by Mark.Martinec+ (Mark Martinec)
$allowed_header_tests{'control'} = 0;
Search for '%allowed_header_tests' in RELEASE_NOTES.
Could I disable the check only for incoming mail?
Yes, you can disable the setting globally,
and re-enable it for locally originating mail
with a help of a policy bank, e.g.:

$allowed_header_tests{'control'} = 0;

$policy_bank{'MYNETS'} = {
allowed_header_tests => {'control' => 1},
};

Mark

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Jo Rhett
2007-05-22 06:18:04 UTC
Permalink
Post by Mark.Martinec+ (Mark Martinec)
Post by Rocco Scappatura
Subject: Richiesta di Invio Schede Prodotto\r \n
If this is coming from your clients, these really need to be fixed,
using a bare CR within a header is an ugly offense. Allowing such
Is there a control option to immediately reject such a message? It's
the best way to get the client's attention ... ;-)
--
Jo Rhett
Network/Software Engineer
Net Consonance

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Loading...