[Mimedefang] suspicious characters in headers
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Aug 13 03:19:48 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 12 Aug 2010, Fred Bacon wrote:
> of Allergy and Infectious Diseases. I can't see anything which I would
> consider suspicious in the headers listed in the quarantine message.
> Could someone explain what constitutes "suspicious characters" and how
> this might be circumvented for these messages? Is there any control
> over the algorithm, or is this a case where I have to turn off this
> feature completely to avoid the problem?
See "mimedefang.c" safe_append_header(). Suspicious characters are CR
('\r'), which are not followed by LF ('\n').
You see that the function does replace those lone CRs by a single space.
Others might interprete this RFC-violating fact as LF, hence, there would
be another header that the MUAs would parse, with many implications.
You could try:
1) tell the sender that the message is malformed and point them where,
2) rebuilt the messages from the gov and reject the others. I suppose
MIMEDefang uses "safe" headers then, but I never tried that myself.
I had the same problem with a CVS check-in announcement list, where the
Subject header line had embedded CRs taken from the checkin comment,
because the software interpreted the comment in Unix-style, but some
clients uploaded Windows-style text.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the MIMEDefang