[Esd-l] Html-trap and received mail from yahoo.com (Summary)

Frank Hahn buckeye+htmltrap at machlink.com
Mon May 20 07:39:01 PDT 2002 

On Fri, May 17, 2002 at 12:05:40PM -0500, Frank Hahn wrote:
> On Fri, May 17, 2002 at 07:06:37AM -0700, John Hardin wrote:
>> There's no X-Security: header, so the sanitizer didn't process it.
>> 
>> There's also not a Received: header for your local system (the latest
>> one is the Yahoo server receiving it) so it looks like fetchyahoo.pl
>> is delivering it directly to your mailbox rather than sending it via
>> the local MTA.
>>
> What you say above may be true and there could also be problems with
> the fetchyahoo.pl script, but I just turned on verbose logging in my
> .procmailrc file and had the fetchyahoo.pl script get the problem
> email again from yahoo.com.
> 
> Looking through the procmail log file, it sure looks like html-trap
> script is working on it.  I don't want to send the logging to the
> list, but if you are interested, I could send it to you direct.
>
It seems there is some problem with verion 1.2 of the fetchyahoo.pl
script.  When using this script to grab email from my yahoo.com
account and deliver it to my home account, the html-trap sanitizer
script would not quarantine files that were in the poison file.

 From the procmail log files, the email was going through the sanitizer
script, but for some reason, the X-Security header was not being
added.  I tried versions 1.128 and 1.134 of html-trap and saw the same
thing.

I sent Mr. Hardin copies of the verbose procmail log files and he
thought the email was also being scanned by his script.  He also
looked at the headers of one of the emails and also the entire email
itself.

On Saturday, I downloaded and installed a newer version 1.5 of the
fetchyahoo.pl script.  When downloading the same problem emails as
before, the sanitizer script now quarantined the files that
previously, it was not doing.

Because of this, I believe the problem is within the 1.2 version of
the fetchyahoo.pl script.  Looking through the Changelog file within
the fetchyahoo.pl archive, showed nothing of interest.

Thanks for the help.

-- 
Frank Hahn

"Do not meddle in the affairs of wizards, for you are crunchy and good
with ketchup."

More information about the esd-l mailing list