Re: [exim] MIME errors and MIME ACL

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMTom Kistner at <-
MMMarcin Owsiany at ->
Delete this message
Reply to this message
Author: John W. Baxter
Date:  
To: Exim-users
Subject: Re: [exim] MIME errors and MIME ACL
On 5/25/05 7:54 AM, "Tom Kistner" <tom@???> wrote:

> You'll probably get some collateral damage on the 1024 line length
> (should be max. 1000 as per RFC, but noone seems to care, in particular
> for HTML mail). Reducing file names to 255 is a good idea. There are
> some known exploits for older Outlook Express versions which are still
> in wide use.

Is anyone still exploiting the long Date: header issue with older Outlook
and Exchange combinations?

(It was possible to craft a Date: header which could infect the desktop
machine simply because the mailbox containing the bogus header was displayed
by Outlook. No clicking required. Patched long enough ago that probably no
one is bothering, although the exploit was fresh enough when we moved to
Exim that I put a check into the system filter.)

[And my system filter check caused problems with mail sent through the
Western Union system in some form (details forgotten)...which resulted in
two Date: headers which of course Exim put together to present to the
filter, exceeding my original length limit.]

--John




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] MIME errors and MIME ACLRe: [exim] Bogus HELOs->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)