Jump to content

j-f

Members
  • Content Count

    6
  • Joined

  • Last visited

Community Reputation

0 Neutral

About j-f

  • Rank
    Newbie
  1. No, all you need to remove are the double quotes (") around the boundary string in this line. This does not alter the "meaning" of that line; since the string 1495... does not contain spaces or special characters, both forms - with and withouts double quotes - are allowed.
  2. I recently discovered a certain spammer uses a trick with a malformed mail header that SpamCop's parser does not detect. It effectively hides the message body from being scanned, giving a "no links found" message. Here's how it works: They're using MIME 1.0 and a Content-Type header with a boundary string, but adding a fake boundary line at the end of the header: Return-Path: <bla[at]example.com> Received: from ... Message-ID: <x> From: Spammer <spammer[at]example.com> To: x Subject: Credit bla bla bla Date: Mon, 04 Apr 2016 20:36:52 +0600 MIME-Version: 1.0 Content-Type: text/html; boundary="--159210318256573" X-Priority: 3 X-MSMail-Priority: Normal ----159210318256573 <html> http://example.com/ </html> This causes SpamCop to think the header is malformed (ok, which it is... but mail clients like Apple Mail still display the message, as intended by the spammer) and stops parsing it. I hope something can be done on the backend to detect this trick and parse the mail body correctly. -- Johannes
  3. (Copy of my post in this thread http://forum.spamcop.net/forums/topic/16633-multipart-parsing/) Guys, I traced down the bug to the quotation marks in the Content-Type header. If the boundary (or any other optional part of the Content-Type header, like charset) has its value enclosed in double quotes, Spamcop fails to parse it correctly and hence doesn't find the boundaries in the mail's body (probably the quotes are included in the boundary string, which is wrong). This is a bug that someone fiddling in the Spamcop code must have introduced recently. Using of quotation marks in the Content-Type header is allowed per RFC 2045, section 5.1 "Syntax of the Content-Type Header Field" https://tools.ietf.o...045#section-5.1 If the boundary string does not contain special characters like spaces, brackets or colons etc. (called tspecials in the RFC), the double quotes can be omitted; just remove them before submitting the spam and the parser again finds the links in the body... -- Johannes
  4. j-f

    Links not detected in body

    (Copy of my post in this thread http://forum.spamcop.net/forums/topic/16633-multipart-parsing/) Guys, I traced down the bug to the quotation marks in the Content-Type header. If the boundary (or any other optional part of the Content-Type header, like charset) has its value enclosed in double quotes, Spamcop fails to parse it correctly and hence doesn't find the boundaries in the mail's body (probably the quotes are included in the boundary string, which is wrong). This is a bug that someone fiddling in the Spamcop code must have introduced recently. Using of quotation marks in the Content-Type header is allowed per RFC 2045, section 5.1 "Syntax of the Content-Type Header Field" https://tools.ietf.o...045#section-5.1 If the boundary string does not contain special characters like spaces, brackets or colons etc. (called tspecials in the RFC), the double quotes can be omitted; just remove them before submitting the spam and the parser again finds the links in the body... -- Johannes
  5. j-f

    Multipart parsing

    Guys, I traced down the bug to the quotation marks in the Content-Type header. If the boundary (or any other optional part of the Content-Type header, like charset) has its value enclosed in double quotes, Spamcop fails to parse it correctly and hence doesn't find the boundaries in the mail's body (probably the quotes are included in the boundary string, which is wrong). This is a bug that someone fiddling in the Spamcop code must have introduced recently. Using of quotation marks in the Content-Type header is allowed per RFC 2045, section 5.1 "Syntax of the Content-Type Header Field" https://tools.ietf.org/html/rfc2045#section-5.1 If the boundary string does not contain special characters like spaces, brackets or colons etc. (called tspecials in the RFC), the double quotes can be omitted; just remove them before submitting the spam and the parser again finds the links in the body... -- Johannes
  6. j-f

    Reporting problems today?

    SpamCop (web reporting) is not working for me for some days already Always ending up with Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.94af3554.1341688604.da3d260 What for did you set up a Twitter account recently? There's no status update!
×