Environment: cPanel/WHM using Exim 4.91.
I noticed that our "Global Email Filters" (cPanel parlance) weren't working correctly on emails sent by certain ISPs.
To make a long story short, I discovered that email headers that incorrectly use newlines are causing the filtering to not work correctly. Some examples are below.
Filter works
X-Custom-Header: allOneLine
To: "[email protected]" <[email protected]>
This message IS correctly filtered by Exim.
Filter does not work
X-Custom-Header: line1
line2
To: "[email protected]" <[email protected]>
This message is NOT correctly filtered by Exim due to the newline in X-Custom-Header that is not followed immediately by whitespace.
Filter works
To: "[email protected]" <[email protected]>
X-Custom-Header: line1
line2
This message IS correctly filtered by Exim. There is an invalid newline in the X-Custom-Header, but the To filter precedes the newline, so filtering succeeds.
Filter works
X-Custom-Header: line1
line2
To: "[email protected]" <[email protected]>
This message IS correctly filtered by Exim. Although there is a newline in X-Custom-Header, the subsequent line begins with whitespace.
I've reviewed the actual Exim filters that cPanel creates in /etc/vfilters/example.com, and I don't see any obvious problems. So, it seems that this may be a bug in Exim. If a header contains a newline that is not followed immediately by whitespace, filtering will not be performed on subsequent headers.
I do understand that using a newline that is not followed by whitespace is syntactically invalid (RFC 2822; search for "folding"). The problem is that we obviously don't have control over other senders' headers. It seems that legitimate senders are guilty of committing this sin. Yahoo, for example, includes an "Outgoing Spam Guard" header (X-YMail-OSG) that contains newlines not followed by whitespace.
Does this indeed appear to be a bug in Exim?
What are the potential workarounds?
0 Answers