| Summary | addReceivedHeader() interaction with SpamAssassin trustedpath |
| Queue | Horde Framework Packages |
| Type | Bug |
| State | Not A Bug |
| Priority | 2. Medium |
| Owners | mrubinsk (at) horde (dot) org |
| Requester | admin (at) dei (dot) unipd (dot) it |
| Created | 06/22/2016 (3303 days ago) |
| Due | |
| Updated | 06/24/2016 (3301 days ago) |
| Assigned | 06/22/2016 (3303 days ago) |
| Resolved | 06/24/2016 (3301 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | Yes |
State ⇒ Not A Bug
when the email in question must be shown to be transmitted in a secure
manner. For example, email that contains protected health information
covered by HIPAA must have an audit trail that shows completely secure
transmission (a minimum of TLS security and if webmail is used, SSL is
reqiured).
Assigned to Michael Rubinsky
State ⇒ Feedback
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ addReceivedHeader() interaction with SpamAssassin trustedpath
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ Yes
State ⇒ Unconfirmed
Horde/Mime/Headers/Deprecated.php
function addReceivedHeader() adds:
Received from ... by ... (Horde Framework) with HTTP; ...
if $_SERVER['HTTPS'] is "on" adds:
Received from ... by ... (Horde Framework) with HTTPS; ...
This is "correct" but Spamassassin doesnt recognize it as a
authenticated user on trusted path
and check message against all remote IP rules.
Q&D workaround:
diff /usr/share/pear/Horde/Mime/Headers/Deprecated.php.orig
/usr/share/pear/Horde/Mime/Headers/Deprecated.php
146c146
< ($is_ssl ? 'S' : '') . '; ' . date('r')
---
diff
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm*
408c408
< if (/ by / && / with ((?:ES|L|UTF8S|UTF8L)MTPS?A|ASMTP|HTTPU?)(?:
|;|$)/i) {
---
((?:ES|L|UTF8S|UTF8L)MTPS?A|ASMTP|HTTP(S|U)?)(?: |;|$)/i) {
Valerio Pulese