Re: [exim] MIME errors and MIME ACL

Top Page
Delete this message
Reply to this message
Author: John W. Baxter
Date:  
To: Exim-users
Subject: Re: [exim] MIME errors and MIME ACL
On 5/25/05 7:54 AM, "Tom Kistner" <tom@???> wrote:

> You'll probably get some collateral damage on the 1024 line length
> (should be max. 1000 as per RFC, but noone seems to care, in particular
> for HTML mail). Reducing file names to 255 is a good idea. There are
> some known exploits for older Outlook Express versions which are still
> in wide use.


Is anyone still exploiting the long Date: header issue with older Outlook
and Exchange combinations?

(It was possible to craft a Date: header which could infect the desktop
machine simply because the mailbox containing the bogus header was displayed
by Outlook. No clicking required. Patched long enough ago that probably no
one is bothering, although the exploit was fresh enough when we moved to
Exim that I put a check into the system filter.)

[And my system filter check caused problems with mail sent through the
Western Union system in some form (details forgotten)...which resulted in
two Date: headers which of course Exim put together to present to the
filter, exceeding my original length limit.]

--John