Re: [exim] Spam using a space to separate message body and h…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Alan J. Flavell
Data:  
Para: exim-users
Asunto: Re: [exim] Spam using a space to separate message body and header...
On Fri, 2 Sep 2005, Fred Viles wrote:

> |    However, where CFWS occurs in this standard, it MUST NOT be inserted
> |    in such a way that any line of a folded header field is made up
> |    entirely of WSP characters and nothing else.

>
> Interesting. So it seems arguable that exim should not have
> interpreted the <CRLF><space><CRLF> as a valid header continuation
> line. Since it is also not a valid header first line, it should have
> signaled the end of the headers, and been treated as the first
> message body line.


Could one suggest that it should have failed header syntax checks,
based on that MUST NOT? I have the gut feeling that if mail clients
are going to interpret this invalid syntax in various ways, it has the
makings of a potential security exposure, with some treating the
following lines as headers and others as part of the body. Best not
to let the offending item get that far, IMHO.