workround for bad headers

I get these warning..

WARNING: bad headers - Improper use of control character
(char 0D hex):
 Subject: Richiesta di Invio Schede Prodottor n

I saw the amavisd.conf:

# for defanging bad headers only turn on certain minor
contents
categories:
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR
character in header

Should I comment it or what I have to do to disable this
check?

What is it implies?

rocsca

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

Rocco,

> I get these warning..
>
> WARNING: bad headers - Improper use of control
character (char 0D hex):
>  Subject: Richiesta di Invio Schede Prodottor n

If this is coming from your clients, these really need to be
fixed,
using a bare CR within a header is an ugly offense. Allowing
such
headers may lead careless mail clients to think a header
field
ends there.

> I saw the amavisd.conf:
>
> # for defanging bad headers only turn on certain minor
contents
> categories:
> $defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or
CR character in header
>
> Should I comment it or what I have to do to disable
this check?

Removing this line prevents defanging (pushing original
mail contents into an attachment), but does not disable
a check or a warning it creates.

You probably want:
  $allowed_header_tests{'control'} = 0;

Search for '%allowed_header_tests' in RELEASE_NOTES.

  Mark

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

> > I get these warning..
> >
> > WARNING: bad headers - Improper use of control
character 
> (char 0D hex):
> >  Subject: Richiesta di Invio Schede Prodottor n
> 
> If this is coming from your clients, these really need
to be 
> fixed, using a bare CR within a header is an ugly
offense. 
> Allowing such headers may lead careless mail clients to
think 
> a header field ends there.
> 
> > I saw the amavisd.conf:
> >
> > # for defanging bad headers only turn on certain
minor contents
> > categories:
> > $defang_by_ccat{+CC_BADH.",3"} = 1;  #
NUL or CR character in header
> >
> > Should I comment it or what I have to do to
disable this check?
> 
> Removing this line prevents defanging (pushing original
mail 
> contents into an attachment), but does not disable a
check or 
> a warning it creates.
> 
> You probably want:
>   $allowed_header_tests{'control'} = 0;
> 
> Search for '%allowed_header_tests' in RELEASE_NOTES.

Thanks a lot Mark..

Could I disable the check only for incoming mail?

rocsca

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

rocsca,

> > You probably want:
> >   $allowed_header_tests{'control'} = 0;
> > Search for '%allowed_header_tests' in
RELEASE_NOTES.

> Could I disable the check only for incoming mail?

Yes, you can disable the setting globally,
and re-enable it for locally originating mail
with a help of a policy bank, e.g.:

$allowed_header_tests{'control'} = 0;

$policy_bank{'MYNETS'} = {
  allowed_header_tests => {'control' => 1},
};

Mark

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

Mark Martinec wrote:
>> WARNING: bad headers - Improper use of control
character (char 0D hex):
>>  Subject: Richiesta di Invio Schede Prodottor n
> 
> If this is coming from your clients, these really need
to be fixed,
> using a bare CR within a header is an ugly offense.
Allowing such

Is there a control option to immediately reject such a
message?  It's 
the best way to get the client's attention ... 

-- 
Jo Rhett
Network/Software Engineer
Net Consonance

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/