Re: [exim] Spam using a space to separate message body and h…

Pàgina inicial
Aquest missatge és part del següent fil:
M+\l'arbre de fils complet ordenat per data
MMMMarc Sherman en <-
.MPhilip Hazel en ->
Delete this message
Reply to this message
Autor: Exim User's Mailing List
Data:  
A: exim-users
Assumpte: Re: [exim] Spam using a space to separate message body and header...
Fred Viles wrote:
> On 3 Sep 2005 at 11:56, Ted Cooper wrote about
>     "Re: [exim] Spam using a space to se":

> 
> |...
> | To the RFC's!
> |... 
> |    However, where CFWS occurs in this standard, it MUST NOT be inserted
> |    in such a way that any line of a folded header field is made up
> |    entirely of WSP characters and nothing else.

>
> Interesting. So it seems arguable that exim should not have
> interpreted the <CRLF><space><CRLF> as a valid header continuation
> line. Since it is also not a valid header first line, it should have
> signaled the end of the headers, and been treated as the first
> message body line.
>
> - Fred

I found the be all and end all for this matter in another section which I have
listed at the end, however, as for interpreting the above..
I think this in reference to creating a message in the first place. You MUST
NOT create a folded header with only white space because when you unfold them
and the CRLF all become "invisible" all you get is the one header line with a
few white spaces in it.

By the definition of folding, the following is perfectly allowed because a
CRLF is followed by any WSP char - the header then continues on it's way as
another CRLF again followed by a WSP char and the rest of the header.

Header: start
[WSP][CRLF]
[WSP]end

Or at least this is how it should be done when un-folding. It just states that
you MUST NOT _make_ a header with a WSP+CRLF line, so the email is bogus. When
it comes to unfolding, the above follows because WSP is a valid header token.
A WSP token doesn't need to be a "space", to can also be an HTAB. I'm sure
there's more if I read the spec more.

After further reading, I have found this section (which I really should have
read before :P) which someone circumvents the entire thing. It defines where
the header ends and the body starts.

<quote>
2.1. General Description
[snip]
A message consists of header fields (collectively called "the header
of the message") followed, optionally, by a body. The header is a
sequence of lines of characters with special syntax as defined in
this standard. The body is simply a sequence of characters that
follows the header and is separated from the header by an empty line
(i.e., a line with nothing preceding the CRLF).
</quote>

So basically, that message is all header and there's nothing that can be done
about it. The space at the beginning isn't an illegal character and a
non-empty line does not the end of headers make. hmm?
Treating the [WSP][CRLF] as the end of the headers breaks 2.2.1. Unstructured
Header Field Bodies which are allowed to contain they want except for
seperated CR and LF characters.

Ted.



Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] (OT) Responsibility of ISPs to provide reliable outgoing SMTP to dynamic IP customers.[exim] Re: Mails stay in spool->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)