HEAD eFa-learn.php

forhire
Posts: 30
Joined: 10 Jun 2021 16:54

Post by forhire »

I've noticed that some mail clients are querying /mailscanner/eFa-learn.php as HEAD. In reviewing the learned emails it would appear some mail clients are checking every URL in the email using HEAD. This is generating a lot of false sa-learn submissions.

sudo grep eFa-learn /var/log/httpd/ssl_access_log | grep HEAD
192.168.0.254 - - [04/May/2022:14:43:31 -0700] "HEAD /mailscanner/eFa-learn.php?mid=4KtmFT0mK7zB48FF&r=3cc89d8dfbf0db2cf8a5 HTTP/1.1" 200 -

As a stop-gap measure I added the following to my .htaccess:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|DELETE)
RewriteRule .* - [F]

"HEAD /mailscanner/eFa-learn.php?mid=4KtmFT0mK7zB48FF&r=3cc89d8dfbf0db2cf8a5 HTTP/1.1" 403 -

Due to the wide distribution of my email users I had to turn off trusted networks to allow easier spam submissions.

I'm wondering if eFa-learn.php should be modified to offer up a confirmation button. Because the sa-learn is performed before the page returns anything the delay can be unnerving for some users. Would it be better to quickly return a page with a submission button and then sa-learn following the button click?
forhire
Posts: 30
Joined: 10 Jun 2021 16:54

Re: HEAD eFa-learn.php

Post by forhire »

I've disabled the .htaccess HEAD filter as I've completed adding a submit button to the submission page. So far this is working. It loads quickly and is only delayed once submitted. Sa-learn can be slow sometimes.

Basically I added an HTML form along with a flag called $subm. If true then it passes $mid and the $token for sa-learn.

Code:

    // sa-learn branch: entered only when the confirmation flag 'subm'
    // accompanies the message id and the release token
    if (isset($_GET['mid']) && isset($_GET['subm']) && (isset($_GET['r']) || isset($_GET['amp;r']))) {
        dbconn();
        $mid = deepSanitizeInput($_GET['mid'], 'url');
        if ($mid === false || !validateInput($mid, 'msgid')) {
            die();
        }
        $subm = deepSanitizeInput($_GET['subm'], 'url');
        if ($subm === false) {
            die();
        }
        // ... (rest of this branch is not shown in the post)

I inserted the HTML form below the first if statement.

Code:

    // Confirmation branch: mid and token present but no 'subm' yet,
    // so only render the form and do not run sa-learn
    } elseif (isset($_GET['mid']) && (isset($_GET['r']) || isset($_GET['amp;r']))) {
        $mid = deepSanitizeInput($_GET['mid'], 'url');
        if ($mid === false || !validateInput($mid, 'msgid')) {
            die();
        }
        if (isset($_GET['amp;r'])) {
            $token = deepSanitizeInput($_GET['amp;r'], 'url');
        } else {
            $token = deepSanitizeInput($_GET['r'], 'url');
        }
        if (!validateInput($token, 'releasetoken')) {
            header('Location: login.php?error=pagetimeout');
            die();
        }
        $subm = true;
        // HTML-escape the request path before echoing it into the action attribute
        $url = htmlspecialchars(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH), ENT_QUOTES, 'UTF-8');
        $output[] = 'Submit Message: ' . $mid . '.';
        $output[] = '<form method="get" action="' . $url . '">';
        $output[] = '<input type="hidden" name="mid" value="' . $mid . '" />';
        $output[] = '<input type="hidden" name="r" value="' . $token . '" />';
        $output[] = '<input type="hidden" name="subm" value="' . $subm . '" />';
        $output[] = '<p><input type="submit" value="Submit"></p>';
        $output[] = '</form>';
        // ... (rest of this branch is not shown in the post)

I also changed the page title. No functional need.

Code:

    <h1>' . __('spam103') . " " .  __('learn03') . '</h1>' . "\n";

Attachments: Screen Shot 2022-05-06 at 7.29.01 PM.png (90.33 KiB), eFa-learn.zip (eFa-learn.php, 4.84 KiB)
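
A log check for the behaviour discussed in the two posts above, as an added example that is not part of the original thread or of eFa: it sorts eFa-learn.php hits in the access-log format quoted in the first post into HEAD probes, requests blocked with 403, form views, and confirmed submissions (those carrying the subm parameter from the second post). The log lines, IP addresses, message IDs and tokens are constructed sample data, and the verdict names and function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the ssl_access_log format quoted in the first post
# (documentation IP ranges, made-up message IDs and tokens).
SAMPLE_LOG = """\
192.0.2.10 - - [04/May/2022:14:43:31 -0700] "HEAD /mailscanner/eFa-learn.php?mid=AAAA1111&r=0123abcd HTTP/1.1" 200 -
192.0.2.10 - - [04/May/2022:14:43:32 -0700] "HEAD /mailscanner/eFa-learn.php?mid=BBBB2222&r=4567ef01 HTTP/1.1" 403 -
198.51.100.7 - - [07/May/2022:09:01:12 -0700] "GET /mailscanner/eFa-learn.php?mid=CCCC3333&r=89ab2345 HTTP/1.1" 200 812
198.51.100.7 - - [07/May/2022:09:01:20 -0700] "GET /mailscanner/eFa-learn.php?mid=CCCC3333&r=89ab2345&subm=1 HTTP/1.1" 200 1034
203.0.113.5 - - [07/May/2022:10:15:00 -0700] "GET /mailscanner/eFa-learn.php?mid=DDDD4444&r=cdef6789&subm=1 HTTP/1.1" 200 1034
203.0.113.5 - - [07/May/2022:10:16:00 -0700] "GET /mailscanner/index.php HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return (mid, verdict) for an eFa-learn.php hit, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/eFa-learn.php"):
        return None
    query = parse_qs(url.query)
    mid = query.get("mid", ["?"])[0]
    if m["status"] == "403":
        return mid, "blocked"        # stopped by the .htaccess rule
    if m["method"] == "HEAD":
        return mid, "head-probe"     # link checker; ran sa-learn on the original script
    if m["method"] == "GET" and "subm" in query:
        return mid, "confirmed"      # user pressed the Submit button
    return mid, "form-view"          # patched script only rendered the form

def summarise(log_text):
    """Map each verdict to the sorted message IDs seen with it."""
    seen = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            seen.setdefault(hit[1], set()).add(hit[0])
    return {verdict: sorted(mids) for verdict, mids in seen.items()}

def review_candidates(log_text):
    """Message IDs hit by a HEAD probe and never confirmed by a user."""
    s = summarise(log_text)
    return sorted(set(s.get("head-probe", [])) - set(s.get("confirmed", [])))
```

The IDs returned by review_candidates are the ones worth checking among the learned messages, since no user confirmation was ever logged for them.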
freyuh
Posts: 58
Joined: 04 Oct 2018 11:21

Re: HEAD eFa-learn.php

Post by freyuh »

Thanks for the good idea and the code.
I will test it in my installations in the next few days.
forhire
Posts: 30
Joined: 10 Jun 2021 16:54

Re: HEAD eFa-learn.php

Post by forhire »

freyuh wrote: 09 May 2022 17:08
Thanks for the good idea and the code.
I will test it in my installations in the next few days.

Did you ever get a chance to play with this? A quick look at my logs suggests it's working well for my users.
freyuh
Posts: 58
Joined: 04 Oct 2018 11:21

Re: HEAD eFa-learn.php

Post by freyuh »

Oh shit. I forgot it completely :(
Will configure it right now ...
freyuh
Posts: 58
Joined: 04 Oct 2018 11:21

Re: HEAD eFa-learn.php

Post by freyuh »

It seems to be working ...
forhire
Posts: 30
Joined: 10 Jun 2021 16:54

Re: HEAD eFa-learn.php

Post by forhire »

Something changed in the Trusted Networks. Previously, if Trusted Networks was empty then all networks would be allowed. Now all are blocked (redirected to login). I added 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/3, 224.0.0.0/4 to open it up and make it work as previously. Obviously running classless isn't the best practice but it's been working.

Another issue. The numbering in Trusted Networks appears to be incorrect.

Below is the list of current trusted networks:

1) 0.0.0.0/1
1) 128.0.0.0/2
2) 192.0.0.0/3
2) 224.0.0.0/4
shawniverson
Posts: 3589
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: HEAD eFa-learn.php

Post by shawniverson »

I'll tackle these two issues.