[Mimedefang] suspicious characters in headers
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Aug 13 03:19:48 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 12 Aug 2010, Fred Bacon wrote:
> of Allergy and Infectious Diseases. I can't see anything which I would
> consider suspicious in the headers listed in the quarantine message.
>
> Could someone explain what constitutes "suspicious characters" and how
> this might be circumvented for these messages? Is there any control
> over the algorithm, or is this a case where I have to turn off this
> feature completely to avoid the problem?
See "mimedefang.c" safe_append_header(). Suspicious characters are CR
('\r'), which are not followed by LF ('\n').
You see that the function does replace those lone CRs by a single space.
Others might interprete this RFC-violating fact as LF, hence, there would
be another header that the MUAs would parse, with many implications.
You could try:
1) tell the sender that the message is malformed and point them where,
2) rebuilt the messages from the gov and reject the others. I suppose
MIMEDefang uses "safe" headers then, but I never tried that myself.
I had the same problem with a CVS check-in announcement list, where the
Subject header line had embedded CRs taken from the checkin comment,
because the software interpreted the comment in Unix-style, but some
clients uploaded Windows-style text.
Regards,
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBTGTyGUgddVksjRnHAQLqSggAhbK72NaYX/4IOjPr+fGiVh0iTzaSJcsW
4hNa0UEI1tP6skTYN4LEw/6Ike+yC/YeEe4Dwat1Jhi/PkOL9FxdIzrwe18LdHvf
ztsnfBATpH2Hp5iPa+xTsfuIVgCSexOmbA61H6yMq50WjZdhim7TqWCwgFE4yJwp
i7GGCHwI5pP6O9q6rjVNI9xSv32Mepz7ewXYd6TTgCZFn9kp5N37JJWK/OWFjKXc
GuKOwZvHvB6dAizBYcNrVVM98l20OQ5Iqo6V235v0XpIbIWfumnlbZW4jNjayIy/
2jDsmr9/lTS7CbFylsZ1CkFIRJHZy2QdnUtt00RqNFf2tGtRNXJq8A==
=QFLZ
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list