[Mimedefang] javascript in address header
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Mar 21 10:34:06 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 20 Mar 2013, Joseph Brennan wrote:
> Ever see one of these?--
No, I didn't.
> To: Joe B <jb51 at columbia.edu<javascript:_e({}, 'cvml','jb51 at columbia.edu');>>
>
> I changed the name and address, but otherwise this is what someone on Gmail
> sent to a user here. The envelope RCPT was evidently normal, as logged by
> sendmail, but when we re-sent it to an Exchange system (still with a normal
> RCPT), Exchange rejected the header.
This is an invalid header after all, isn't it? The domain part after @
cannot contain <>.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUUsaX58mjdm1m0FfAQIAxQgAk3f5S/jlPhzL8CkCWp23FfKYUouny4Tx
Y0CXG/jvbkFAeV91X2jPmVcCpgPVby2VkfHsQU5nK9ZtOxBpXeWdNtBjKk9Bl05h
Itdk/2Op35yCPm+F2orURjcaAgUx2B2Q7zeJn5wbi2vhFM7ITUSEzuzxAoFSlN1h
MPsZZsmFSnbz98VteDT40QAs0y/uhSSkN9zAAIuEqrnQb+70lWyujoTJ3jQuN7AO
JL/SHp5CBWTTQ5yh4qf5HFJ+KiZUjU/KOV3enq9PmAgZ7gNmgYNwcGKqO6mBmuHj
RRVQft63sdlGrlAaZ7iMEotk/esagQG7+/snM7zxTeLmLP7VPBGVNg==
=pymY
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list