INN commit: trunk (doc/pod/news.pod frontends/mailpost.in)

INN Commit rra at isc.org
Wed Jul 19 20:16:43 UTC 2017


    Date: Wednesday, July 19, 2017 @ 13:16:42
  Author: iulius
Revision: 10166

mailpost: add new "-z" parameter to remove header fields

Adds a "-z" parameter to remove any undesired headers from the gated
message.

Also, edits the incoming SMTP message's "Received:" header to remove any "for
<mailbox>" clause which contains the name of the news server (or its
domain).  It determines the name by examining "pathhost", "fromhost" and
"domain" (from file "inn.conf").  The reason for this is to protect the
gateway mailbox from spammers who may seek to abuse the gateway.  This will
also remove any "*-To:" headers that cite the news server host or domain
name (e.g. "Errors-To:" which are set to report back which user bounced by
using a mailbox pattern in the envelope).  As the gateway mailbox name is
now hidden, spammers will have to discover it via other means.  It's not
meant as an anti-spam measure by itself, but spammers can't spam that which
they can't find.  Since the administrator knows the message was gated, he
knows it was delivered to the gateway mailbox, so information deleted from
the trace header isn't "lost"; just merely hidden.  "For" clauses from
other "Received:" headers not specifying the mail server's host/domain are
left intact.

Thanks to Dieter Stussy for the patch.

Modified:
  trunk/doc/pod/news.pod
  trunk/frontends/mailpost.in

-----------------------+
 doc/pod/news.pod      |    6 ++++
 frontends/mailpost.in |   59 ++++++++++++++++++++++++++++++++++++------------
 2 files changed, 51 insertions(+), 14 deletions(-)

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2017-07-11 19:39:27 UTC (rev 10165)
+++ doc/pod/news.pod	2017-07-19 20:16:42 UTC (rev 10166)
@@ -25,6 +25,12 @@
 
 =item *
 
+A new B<-z> parameter has been added to B<mailpost> to mention a list
+of header fields to remove from the gated message.  Thanks to Dieter
+Stussy for the patch.
+
+=item *
+
 Fixed a bug in B<inews> that was rejecting articles containing header
 fields whose length exceeded 998 bytes.  This limitation is for the
 length of a single line of a header field, not for the whole header
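Review bot: The news entry added at the top of this hunk covers only B<-z>,
but the same revision also changes every gated message without any option
being given: "for" clauses in Received: fields and *-To: fields citing the
news server are now edited or dropped (see the mailpost.in hunks). That
default behaviour change deserves its own =item here so that administrators
who upgrade see it. "to mention a list of header fields" would also read
better as "to specify a list of header fields".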

Modified: frontends/mailpost.in
===================================================================
--- frontends/mailpost.in	2017-07-11 19:39:27 UTC (rev 10165)
+++ frontends/mailpost.in	2017-07-19 20:16:42 UTC (rev 10166)
@@ -54,10 +54,11 @@
 
 $usage .= "[ -h ][ -n ][ -r addr ][ -f addr ][ -a approved ][ -d distribution ]" .
     "[ -m mailing-list ][ -b database ][ -o output-path ][ -c wait-time ]" .
-    "[ -x header[:header...] ][ -p port ][ -t tempdir ] newsgroups" ;
+    "[ -x header[:header...] ][ -z header[:header...] ][ -p port ]" .
+    "[ -t tempdir ] newsgroups";
 
-use vars qw($opt_r $opt_f $opt_a $opt_d $opt_m $opt_b $opt_n $opt_o $opt_h $opt_c $opt_x $opt_p $opt_t) ;
-getopts("hr:f:a:d:m:b:no:c:x:p:t:") || die "usage: $usage\n" ;
+use vars qw($opt_r $opt_f $opt_a $opt_d $opt_m $opt_b $opt_n $opt_o $opt_h $opt_c $opt_x $opt_z $opt_p $opt_t);
+getopts("hr:f:a:d:m:b:no:c:x:z:p:t:") || die "usage: $usage\n";
 die "usage: $usage\n" if $opt_h ;
 
 #
@@ -71,6 +72,10 @@
 my $WhereTo = $opt_o || $Submit ;
 my $Mailname = $INN::Config::fromhost || hostname ;
 
+my $Gateway = $INN::Config::fromhost || hostname;
+$Gateway .= '|' . $INN::Config::pathhost if $INN::Config::pathhost;
+$Gateway .= '|(.+\.)?' . $INN::Config::domain if $INN::Config::domain;
+
 my $Databasedir = $opt_b || $INN::Config::pathdb;
 die "Database path $Databasedir is not a directory\n" unless -d $Databasedir;
 die "Database directory $Databasedir is not writable\n" unless -w $Databasedir;
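Review bot: The three added $Gateway lines interpolate fromhost, pathhost and
domain from inn.conf into a regular expression without escaping, so every "."
in a host name matches any character and any other metacharacter in a value
changes the pattern. Wrap each component in quotemeta() (or \Q...\E) and keep
only the intended '|' and '(.+\.)?' as pattern syntax. The first added line
also repeats the expression already assigned to $Mailname on the context line
just above it; starting from $Mailname would avoid the duplication.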
@@ -131,11 +136,18 @@
     $exclude .= '|' . join('|', split(/:/, $opt_x));
 }
 
+# Strip out news X-Complaints-To: and X-Trace: header fields since otherwise
+# posting may fail.  Other trace header fields will be renamed later on
+# to add 'X-' so we don't have to worry about them.
+my $skip = 'X-Complaints-To|X-Trace';
+if ($opt_z) {
+    $skip .= '|' . join('|', split(/:/, $opt_z));
+}
+
 $newsgroups = join ",", @ARGV ;
 
 die "usage:  $0 newsgroup [newsgroup ...]\n" unless $newsgroups;
 
-
 #
 # Do the header.  Our input is a mail message, with or without the From.
 #
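Review bot: In the added block that builds $skip, the names given to -z are
joined straight into an alternation that is later used as a pattern, so a
value such as "X-.*" is treated as regex syntax rather than a literal field
name, and "A::B" yields an empty alternative. Escape and filter the elements,
for example join('|', map { quotemeta } grep { length } split(/:/, $opt_z)).
The context line above shows the same construction for $opt_x, which could
take the same fix.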
@@ -214,6 +226,7 @@
 
     push @errorText, "($_)\n";
 
+    next if (/^($skip):\s/sio);
     next if /^Approved:\s/sio && defined($approved);
     next if /^Distribution:\s/sio && defined($distribution);
 
@@ -302,13 +315,19 @@
 	next ;
     }
 
-    # Strip out news X-Trace: and X-Complaints-To: headers since otherwise posting
-    # may fail.  Other trace headers will be renamed to add 'X-' so we don't have
-    # to worry about them.
-    if (/^X-(Trace|Complaints-To):\s*/sio) {
-        next ;
+    # Strip out any Received: header fields for clause to prevent spamming
+    # the gateway.
+    if (/^Received:\s*/sio) {
+        s/\s+for\s.+\@($Gateway)>?\s*//sio;
+        # FALLTHROUGH
     }
 
+    # Strip out any header fields with gateway mailbox to prevent spamming
+    # the gateway.
+    if (/^[A-Z]+-To:\s*/sio) {
+        next if /[@%=]($Gateway)/sio;
+    }
+
     # Random unknown header.  Prepend 'X-' if it is not already there.
     $_ = "X-$_" unless /^X-/sio ;
     $weird_mail_hdrs .= "$_\n";
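Review bot: In the added Received: substitution, ".+" is greedy and the /s
flag lets it cross the line breaks of a folded field, so the match runs from
the first " for " to the last "@gateway" in the field and can delete text in
between; bounding it to one address token ("\S+\@" in place of ".+\@") keeps
the removal to the for clause. Nothing after ($Gateway) ends the host name
either, so a longer host that merely begins with the gateway name is cut in
the middle. In the second added block, /^[A-Z]+-To:/ matches only names with
a single hyphen (Errors-To:, Delivered-To:), so a field such as
X-Original-To: is not covered although the commit message speaks of any
"*-To:" field; either widen the match deliberately or document the narrower
scope. The comment "Strip out any Received: header fields for clause" is
also hard to parse and could read "Strip the for clause from Received:
header fields".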
@@ -637,7 +656,8 @@
 B<mailpost> [B<-hn>] [B<-a> I<addr>] [B<-b> I<database>] [B<-c> I<wait-time>]
 [B<-d> I<distribution>] [B<-f> I<addr>] [B<-m> I<mailing-list>]
 [B<-o> I<output-command>] [B<-p> I<port>] [B<-r> I<addr>] [B<-t> I<tempdir>]
-[B<-x> I<header>[B<:>I<header>...]] I<newsgroups>
+[B<-x> I<header>[B<:>I<header>...]] [B<-z> I<header>[B<:>I<header>...]]
+I<newsgroups>
 
 =head1 DESCRIPTION
 
@@ -646,10 +666,12 @@
 whitespace-separated list of group names to which to post the article
 (at least one newsgroup must be specified).
 
-Before feeding the article to B<inews>, it checks that the article has not
-been seen before, and it changes some headers (cleans up some address
-headers, removes X-Trace: and X-Complaints-To:, and puts C<X-> in front
-of unknown headers).
+Before feeding the article to B<inews>, it checks that the article has
+not been seen before, and it changes some header fields (cleans up some
+address headers, removes a few ones like X-Complaints-To: and X-Trace:,
+and puts C<X-> in front of unknown header fields).  The Received: and
+*-To: header fields are also altered to prevent spamming the gateway (the
+name of the news server or the domain name from F<inn.conf> are removed).
 
 If the article has been seen before (B<mailpost> records the Message-ID of
 each article it handles), then the article will be dropped with a non-zero
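Review bot: The added sentence says the Received: and *-To: fields are
"altered", but in the mailpost.in hunk only Received: is edited; a *-To:
field that cites the gateway is skipped with "next" and so removed whole.
The POD should say that, for example: "for clauses naming the news server
are removed from Received: fields, and *-To: fields naming it are dropped".
"removes a few ones like" would also read better as "removes a few, such as".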
@@ -768,6 +790,15 @@
     Sender
     Subject
 
+=item B<-z> I<header>[B<:>I<header>...]
+
+A colon-separated list of additional header fields which should be removed.
+
+Removed header fields are:
+
+    X-Trace
+    X-Complaints-To
+
 =back
 
 =head1 FILES
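Review bot: "Removed header fields are:" directly after "additional header
fields which should be removed" does not say that the two listed names are
the built-in defaults that -z extends; "Header fields always removed are:"
would be clearer. Since the code joins the -z names into a pattern matched
with /i, the entry should also state that names are matched
case-insensitively.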


