[exim] MIME question

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael Haardt
Data:  
A: exim-users
Assumpte: [exim] MIME question
Hello,

trying to understand some things, I fell over the following
example:

----------------------------------------------------------------------
Received: from localhost
by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400
From: <test@???>
To: test@???
Subject: test
Mime-Version: 1.0
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit
Message-ID: <msg.id0@???>
Date: Mon, 05 Jul 1999 14:55:26 -0400

Received: from localhost
by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400
From: <test@???>
To: test@???
Subject: test
Mime-Version: 1.0
Content-Type: message/plain
Content-Transfer-Encoding: 8bit
Message-ID: <msg.id1@???>
Date: Mon, 05 Jul 1999 14:55:26 -0400

body
----------------------------------------------------------------------

According to MIME, that's fine, but I am used to clients and scanners
recursively descending into message/rfc822 parts and I failed to find
anything describing that.

Changing the second Content-Type to message/rfc822 should generate an
error, because the "body" should be yet another header and a following
body. Right? Should I expect software to detect that error?

I see the potential for an attacker to use 50 headers and a 100 kB body,
thus generating 50 message files, each a little over 100 kB, and 5 MB
in total to scan.

Another point would be a message/rfc822 attachment with a broken MIME
structure. If I got the spec of demime right, exim saves such attachments
into their own files, processing them afterwards. A broken MIME structure
inside them will not affect scanning the containing message.

Does anybody know how other software works? To parse everything in a
linear fashion, you had to keep a stack of active boundaries. If any
boundary but the top matches, the MIME elements above are truncated.
Is that correct?

Michael