4/11 08 trunk build I have a filter rule: name="Blacklist" enabled="yes" type="1" action="Move to folder" actionValue="imap://email@example.com/_Spam" condition="AND (from,isn't in ab,moz-abmdbdirectory://abook.mab) AND (from,isn't in ab,moz-abmdbdirectory://history.mab)" I received an email with a blank FROM: header. Rather than have that email filtered to the _Spam folder as expected, it found its way into my inbox. Some bug in the filter evaluation allowed a blank from header to pass my AB test when it should not have.
-> Seth My guess here is that nsresult nsMsgSearchTerm::MatchRfc822String is bailing with FALSE because there are no addresses. I think it should make a special case check for m_operator == nsMsgSearchOp::IsntInAB in the case that count == 0.
Assignee: naving → sspitzer
*** Bug 232388 has been marked as a duplicate of this bug. ***
Note that the duplicate shows that a From: line with just an empty mail address -- not completely blank -- will also pass the "in the address book" test. And, as noted there, this means an easy bypass of the junk filter if the Whitelist-on-Addressbook feature is turned on, as most people have it.
*** Bug 220877 has been marked as a duplicate of this bug. ***
Why do mailservers accept incoming email without proper mail addresses? I don't think this fix should go directly into the addressbook's code. Reason: it is pretty valid to have empty address fields in an ab card and to search for them. But it is nonsense in case of a "is in ab" filter rule.
Are there any problems with the second patch?
Comment on attachment 150548 [details] [diff] [review] do not allow "is (not) in ab" matches when sender's mail address is not specified looks good to me.
Attachment #150548 - Flags: superreview+
Comment on attachment 150548 [details] [diff] [review] do not allow "is (not) in ab" matches when sender's mail address is not specified a=mkaply for 1.7.2. I see no reason to put this in 1.4.3 since 1.7 is the new stable branch.
if I didn't check this into the trunk and 1.0 branch, I will...
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
patch has sr but not r ??
You need to log in before you can comment on or make changes to this bug.