Closed Bug 220877 Opened 21 years ago Closed 20 years ago

Filter rule checking sender's address gives a match for malformed "From:" lines

Categories

(MailNews Core :: Filters, defect)

Product:
MailNews Core
Component:
Filters
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 202169

People

(Reporter: bugs_mozilla_2q1889, Assigned: sspitzer)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624

The following is an example of a junk mail that gets recognized (although it
shouldn't) by my "known senders" filter rule:

---
From - Wed Oct 01 09:24:56 2003
X-UIDL: 002c6065fbbee39cab9c5023eb4e7b46
X-Mozilla-Status: 0401
X-Mozilla-Status2: 00000000
Return-Path: <jerry.larking@btinternet.com>
X-Flags: 0000
Delivered-To: GMX delivery to kalium@gmx.de
Received: (qmail 8661 invoked by uid 65534); 1 Oct 2003 07:04:31 -0000
Received: from rhenium.btinternet.com (EHLO rhenium.btinternet.com) (194.73.73.93)
  by mx0.gmx.net (mx033-rz3) with SMTP; 01 Oct 2003 09:04:31 +0200
Received: from dial81-131-178-4.in-addr.btopenworld.com ([81.131.178.4] helo=zuir)
	by rhenium.btinternet.com with smtp (Exim 3.22 #23)
	id 1A4asU-0005vq-00; Wed, 01 Oct 2003 07:54:27 +0100
FROM: "Microsoft Internet Mail System" < >
TO: "Network Recipient" <client@mxdomain.com>
SUBJECT: Abort Message
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="nwrpbokni"
Message-Id: <E1A4asU-0005vq-00@rhenium.btinternet.com>
Date: Wed, 01 Oct 2003 07:54:27 +0100
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
---

I think the problem is related to the first line of the message. My "known
senders" filter rule consists of three rules:

1.) check if sender is in address book one
2.) check if sender is in address book two
3.) check if sender contains my domain name

Reproducible: Always

Steps to Reproduce:
see details
Actual Results:  
see details

Expected Results:  
Don't apply the filter rule.
Problem still exists after upgrade to Mozilla 1.5 (stable, WinXP).
"Sender" does not mean "From:" header.
For example, "Resent-From:" is also condidered as "Sender".
Can you separate your filter to three filters which action is "Move to folder"
and take filter log in order to clarify the problem?
Well, it seems that the problem is related to empty email address fields -- that
they are matched even if both (address book and email header) are empty! The
rule checking it against address books should ignore address book entries with
missing email addresses.

Filterlog:

Applied filter "Known Senders" to message from "" < > - at 10/18/2003 07:44 AM
Action = Move to folder mailbox://123456@pop.gmx.de/Inbox/KnownSenders id =
20031018054447.EOTD17813.fep05-svc.mail.telepac.pt@kwzzoow

Message source:

From - Sat Oct 18 10:41:51 2003
X-UIDL: 7043b34e1e9a67c274d8b9ea41670633
X-Mozilla-Status: 0401
X-Mozilla-Status2: 00000000
Return-Path: <gomesmiranda@mail.telepac.pt>
X-Flags: 0000
Delivered-To: GMX delivery to kalium@gmx.de
Received: (qmail 11993 invoked by uid 65534); 18 Oct 2003 06:32:27 -0000
Received: from unknown (HELO relay1) (212.55.154.48)
  by mx0.gmx.net (mx027-rz3) with SMTP; 18 Oct 2003 08:32:27 +0200
Received: (qmail 25868 invoked by uid 0); 18 Oct 2003 05:44:52 -0000
Received: from unknown (HELO fep05-svc.mail.telepac.pt) (194.65.5.209)
  by relay6 with SMTP; 18 Oct 2003 05:44:52 -0000
Received: from kwzzoow ([213.13.76.204]) by fep05-svc.mail.telepac.pt
          (InterMail vM.5.01.04.13 201-253-122-122-113-20020313) with SMTP
          id <20031018054447.EOTD17813.fep05-svc.mail.telepac.pt@kwzzoow>;
          Sat, 18 Oct 2003 06:44:47 +0100
FROM: "" < >
TO: "Inet Client" <receiver@maildomain.com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="nodiquqxrkv"
Message-Id: <20031018054447.EOTD17813.fep05-svc.mail.telepac.pt@kwzzoow>
Date: Sat, 18 Oct 2003 06:44:58 +0100
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)

--nodiquqxrkv
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cid:fajizf" height=3D0 width=3D0></iframe>
<BR><BR>Hi.
<BR>I'm afraid =
the message returned below could not be delivered =
to one or more destinations.<BR>
<BR><BR><BR>Undelivered mail to <B>zrqhllifz@microsoft.net</B>

<BR><BR><BR>Message follows:<BR><BR><BR><BR>
</BODY></HTML>

--nodiquqxrkv
Content-Type: audio/x-wav; name="glmoo.exe"
Content-Transfer-Encoding: base64
Content-Id: <fajizf>
I confirm this is happening to me also.

I have a "knowns" mail filter, which says if the address matches anything in my
address book, move to my real inbox.

When spammers send emails with a blank from field, or just <>, it is considered
matched, and gets moved as if it were from knowns.

I already checked, to ensure I do not have any blank addresses in address book.

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007

*** This bug has been marked as a duplicate of 202169 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.