[opendmarc-users] Unable to parse From header field
Robert Schetterer
rs at sys4.de
Wed May 20 11:44:55 PDT 2015
Am 20.05.2015 um 20:25 schrieb Murray S. Kucherawy:
> On Wed, 20 May 2015, Urban Loesch wrote:
>> May 19 10:05:28 mil1 opendkim[5429]: 3lrVBc5GtLz11LwX: mail.isp55.de
>> [213.139.150.150] not internal
>> May 19 10:05:28 mil1 opendkim[5429]: 3lrVBc5GtLz11LwX: not authenticated
>> May 19 10:05:28 mil1 opendmarc[519]: 3lrVBc5GtLz11LwX: unable to parse
>> From header field
>> ...
>>
>> After some searching I found out that opendmarc does not recognize
>> some combinations in the "From:" field.
>>
>> For example:
>>
>> ...
>> From: "paket at dhl.com" <hkmlease>
>> ...
>> or
>> ...
>> From: ''paket at dhl.com'' <hkmlease>
>> (strange windows like double quote signs)
>> ...
>>
>> passes the filter without getting blocked.
>>
>> I'm still waiting for the original mail from my customer for further
>> analysis.
>>
>> This behaviour makes it easy to create some crappy formatted mail to
>> bypass opendmarc.
>> I have no idea if this is bug or not. What do you think about it?
>
> I would imagine the idea here is that some other component of your mail
> system would identify such a message as clearly bogus and reject it,
> independent of DMARC.
>
> What do others think? We could easily add an option that will cause
> OpenDMARC to request rejection of messages where From is unparseable.
>
> -MSK
> _______________________________________________
> opendmarc-users mailing list
> opendmarc-users at trusteddomain.org
> http://www.trusteddomain.org/mailman/listinfo/opendmarc-users
this is a well done virus wave i.e
http://p.mit42.de/view/c52b824b
some other have problems too catching them
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the opendmarc-users
mailing list