I've noticed that some mail clients are querying /mailscanner/eFa-learn.php as HEAD. In reviewing the learned emails it would appear some mail clients are checking every URL in the email using HEAD. This is generating a lot of false sa-learn submissions.
sudo grep eFa-learn /var/log/httpd/ssl_access_log | grep HEAD
192.168.0.254 - - [04/May/2022:14:43:31 -0700] "HEAD /mailscanner/eFa-learn.php?mid=4KtmFT0mK7zB48FF&r=3cc89d8dfbf0db2cf8a5 HTTP/1.1" 200 -
As a stop gap measure I added the following to my .htaccess
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|DELETE)
RewriteRule .* - [F]
"HEAD /mailscanner/eFa-learn.php?mid=4KtmFT0mK7zB48FF&r=3cc89d8dfbf0db2cf8a5 HTTP/1.1" 403 -
Due to the wide distribution of my email users I had to turn off trusted networks to allow easier spam submissions.
I'm wondering if eFa-learn.php should be modified to offer up a confirmation button. Because the sa-learn is performed before the page returns anything the delay can be unnerving for some users. Would it be better to quickly return a page with a submission button and then sa-learn following the button click?
HEAD eFa-learn.php
Re: HEAD eFa-learn.php
I've disabled the .htaccess HEAD filter as I've completed adding a submit button to the submission page. So far this is working. It loads quick and only is delayed once submitted. Sa-learn can be slow sometimes.
Basically I added an html form along with flag called $subm. If true then it passes $mid and the $token for sa-learn.
I inserted the html form below the first if statement
I also changed the page title. No functional need.
Basically I added an html form along with flag called $subm. If true then it passes $mid and the $token for sa-learn.
Code: Select all
34 if (isset($_GET['mid']) && isset($_GET['subm']) && (isset($_GET['r']) || isset($_GET['amp;r']))) {
35 dbconn();
36 $mid = deepSanitizeInput($_GET['mid'], 'url');
37 if ($mid === false || !validateInput($mid, 'msgid')) {
38 die();
39 }
40 $subm = deepSanitizeInput($_GET['subm'], 'url');
41 if ($subm === false) {
42 die();
43 }
Code: Select all
117 } elseif (isset($_GET['mid']) && (isset($_GET['r']) || isset($_GET['amp;r']))) {
118 $mid = deepSanitizeInput($_GET['mid'], 'url');
119 if ($mid === false || !validateInput($mid, 'msgid')) {
120 die();
121 }
122 if (isset($_GET['amp;r'])) {
123 $token = deepSanitizeInput($_GET['amp;r'], 'url');
124 } else {
125 $token = deepSanitizeInput($_GET['r'], 'url');
126 }
127 if (!validateInput($token, 'releasetoken')) {
128 header('Location: login.php?error=pagetimeout');
129 die();
130 }
131 $subm = true;
132 $url = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
133 $output[] = 'Submit Message: ' . $mid . '.';
134 $output[] = '<form method="get" action="' . $url . '">';
135 $output[] = '<input type="hidden" name="mid" value="' . $mid . '" />';
136 $output[] = '<input type="hidden" name="r" value="' . $token . '" />';
137 $output[] = '<input type="hidden" name="subm" value="' . $subm . '" />';
138 $output[] = '<p><input type="submit" value="Submit"></p>';
139 $output[] = '</form>';
Code: Select all
159 <h1>' . __('spam103') . " " . __('learn03') . '</h1>' . "\n";
- Attachments
-
- Screen Shot 2022-05-06 at 7.29.01 PM.png (90.33 KiB) Viewed 301 times
-
- eFa-learn.zip
- eFa-learn.php
- (4.84 KiB) Downloaded 18 times
Re: HEAD eFa-learn.php
Thanks for the good idea and the code.
I will test it in my installations the next days.
I will test it in my installations the next days.
Re: HEAD eFa-learn.php
Oh shit. I forgot it completely 
Will configure it right now ...

Will configure it right now ...